Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/swami-2.2.1/src/libswami/SwamiContainer.c
Examining data/swami-2.2.1/src/libswami/SwamiContainer.h
Examining data/swami-2.2.1/src/libswami/SwamiControl.c
Examining data/swami-2.2.1/src/libswami/SwamiControl.h
Examining data/swami-2.2.1/src/libswami/SwamiControlEvent.c
Examining data/swami-2.2.1/src/libswami/SwamiControlEvent.h
Examining data/swami-2.2.1/src/libswami/SwamiControlFunc.c
Examining data/swami-2.2.1/src/libswami/SwamiControlFunc.h
Examining data/swami-2.2.1/src/libswami/SwamiControlHub.c
Examining data/swami-2.2.1/src/libswami/SwamiControlHub.h
Examining data/swami-2.2.1/src/libswami/SwamiControlMidi.c
Examining data/swami-2.2.1/src/libswami/SwamiControlMidi.h
Examining data/swami-2.2.1/src/libswami/SwamiControlProp.c
Examining data/swami-2.2.1/src/libswami/SwamiControlProp.h
Examining data/swami-2.2.1/src/libswami/SwamiControlQueue.c
Examining data/swami-2.2.1/src/libswami/SwamiControlQueue.h
Examining data/swami-2.2.1/src/libswami/SwamiControlValue.c
Examining data/swami-2.2.1/src/libswami/SwamiControlValue.h
Examining data/swami-2.2.1/src/libswami/SwamiEvent_ipatch.c
Examining data/swami-2.2.1/src/libswami/SwamiEvent_ipatch.h
Examining data/swami-2.2.1/src/libswami/SwamiLock.c
Examining data/swami-2.2.1/src/libswami/SwamiLock.h
Examining data/swami-2.2.1/src/libswami/SwamiLog.c
Examining data/swami-2.2.1/src/libswami/SwamiLog.h
Examining data/swami-2.2.1/src/libswami/SwamiLoopFinder.c
Examining data/swami-2.2.1/src/libswami/SwamiLoopFinder.h
Examining data/swami-2.2.1/src/libswami/SwamiLoopResults.c
Examining data/swami-2.2.1/src/libswami/SwamiLoopResults.h
Examining data/swami-2.2.1/src/libswami/SwamiMidiDevice.c
Examining data/swami-2.2.1/src/libswami/SwamiMidiDevice.h
Examining data/swami-2.2.1/src/libswami/SwamiMidiEvent.c
Examining data/swami-2.2.1/src/libswami/SwamiMidiEvent.h
Examining data/swami-2.2.1/src/libswami/SwamiObject.c
Examining data/swami-2.2.1/src/libswami/SwamiObject.h
Examining data/swami-2.2.1/src/libswami/SwamiParam.c
Examining data/swami-2.2.1/src/libswami/SwamiParam.h
Examining data/swami-2.2.1/src/libswami/SwamiPlugin.c
Examining data/swami-2.2.1/src/libswami/SwamiPlugin.h
Examining data/swami-2.2.1/src/libswami/SwamiPropTree.c
Examining data/swami-2.2.1/src/libswami/SwamiPropTree.h
Examining data/swami-2.2.1/src/libswami/SwamiRoot.c
Examining data/swami-2.2.1/src/libswami/SwamiRoot.h
Examining data/swami-2.2.1/src/libswami/SwamiWavetbl.c
Examining data/swami-2.2.1/src/libswami/SwamiWavetbl.h
Examining data/swami-2.2.1/src/libswami/builtin_enums.c
Examining data/swami-2.2.1/src/libswami/builtin_enums.h
Examining data/swami-2.2.1/src/libswami/i18n.h
Examining data/swami-2.2.1/src/libswami/libswami.c
Examining data/swami-2.2.1/src/libswami/libswami.h
Examining data/swami-2.2.1/src/libswami/swami_priv.h
Examining data/swami-2.2.1/src/libswami/util.c
Examining data/swami-2.2.1/src/libswami/util.h
Examining data/swami-2.2.1/src/libswami/value_transform.c
Examining data/swami-2.2.1/src/plugins/fftune.c
Examining data/swami-2.2.1/src/plugins/fftune.h
Examining data/swami-2.2.1/src/plugins/fftune_gui.c
Examining data/swami-2.2.1/src/plugins/fftune_gui.h
Examining data/swami-2.2.1/src/plugins/fftune_i18n.h
Examining data/swami-2.2.1/src/plugins/fluidsynth.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_gui.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_gui_i18n.h
Examining data/swami-2.2.1/src/plugins/fluidsynth_i18n.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_i18n.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiBar.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiBar.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiBarPtr.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiBarPtr.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiComboEntry.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiComboEntry.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlAdj.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlAdj.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlMidiKey.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlMidiKey.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl_widgets.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiDnd.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu_actions.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiKnob.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiKnob.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiLoopFinder.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiLoopFinder.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiMenu.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiMenu.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiModEdit.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiMultiSave.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiMultiSave.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanel.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanel.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2Gen.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2Gen.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenEnv.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenEnv.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenMisc.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenMisc.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSelector.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSelector.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPaste.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPaste.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPiano.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPiano.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPref.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPref.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiProp.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiProp.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPythonView.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPythonView.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiRoot.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiRoot.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleCanvas.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleCanvas.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleEditor.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleEditor.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpectrumCanvas.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpectrumCanvas.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpinScale.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpinScale.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSplits.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSplits.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiStatusbar.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiStatusbar.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTree.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTree.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStore.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStore.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStoreConfig.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStoreConfig.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStorePatch.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStorePatch.h
Examining data/swami-2.2.1/src/swamigui/builtin_enums.c
Examining data/swami-2.2.1/src/swamigui/builtin_enums.h
Examining data/swami-2.2.1/src/swamigui/glade_strings.c
Examining data/swami-2.2.1/src/swamigui/help.c
Examining data/swami-2.2.1/src/swamigui/help.h
Examining data/swami-2.2.1/src/swamigui/i18n.h
Examining data/swami-2.2.1/src/swamigui/icons.c
Examining data/swami-2.2.1/src/swamigui/icons.h
Examining data/swami-2.2.1/src/swamigui/main.c
Examining data/swami-2.2.1/src/swamigui/patch_funcs.c
Examining data/swami-2.2.1/src/swamigui/patch_funcs.h
Examining data/swami-2.2.1/src/swamigui/splash.c
Examining data/swami-2.2.1/src/swamigui/splash.h
Examining data/swami-2.2.1/src/swamigui/swami_python.c
Examining data/swami-2.2.1/src/swamigui/swami_python.h
Examining data/swami-2.2.1/src/swamigui/swamigui.h
Examining data/swami-2.2.1/src/swamigui/tools/cdump.c
Examining data/swami-2.2.1/src/swamigui/util.c
Examining data/swami-2.2.1/src/swamigui/util.h
Examining data/swami-2.2.1/src/swamigui/widgets/combo-box.c
Examining data/swami-2.2.1/src/swamigui/widgets/combo-box.h
Examining data/swami-2.2.1/src/swamigui/widgets/icon-combo.c
Examining data/swami-2.2.1/src/swamigui/widgets/icon-combo.h
Examining data/swami-2.2.1/src/swamish/swamish.c

FINAL RESULTS:

data/swami-2.2.1/src/libswami/util.c:141:5:  [4] (buffer) strcpy:
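  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: notes[] looks like a fixed table of note names, so the copy
  length is bounded by its longest entry. What needs checking is the size of
  str, which appears to be supplied by the caller (see the
  swami_util_midi_note_to_str calls reported below), and whether note can be
  negative: note % 12 is then negative in C and indexes before notes[0].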
    strcpy(str, notes[note % 12]);
data/swami-2.2.1/src/libswami/util.c:144:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(str, octavestr);
data/swami-2.2.1/src/plugins/fluidsynth_gui.c:341:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(namebuf, knobnames[i]);
data/swami-2.2.1/src/swamigui/SwamiguiPref.c:446:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(notename, "%s%d", note_names[i % 12], i / 12);
data/swami-2.2.1/src/swamigui/SwamiguiPref.c:668:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(notename, "%s%d", note_names[count % 12], count / 12);
data/swami-2.2.1/src/swamigui/SwamiguiPref.c:695:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(notename, "%s%d", note_names[count % 12], count / 12);
data/swami-2.2.1/src/libswami/SwamiMidiDevice.c:121:20:  [2] (misc) open:
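  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the token matched here is the open member of a class
  structure (a function pointer), not a call to open(2). The same holds for
  the SwamiMidiDevice.c:123, SwamiMidiDevice.h:63, SwamiWavetbl.c:295,
  SwamiWavetbl.c:302 and SwamiWavetbl.h:67 hits. Whether a file is opened
  depends on the method implementations, which this report does not show.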
        if(oclass->open)
data/swami-2.2.1/src/libswami/SwamiMidiDevice.c:123:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            retval = (*oclass->open)(device, err);
data/swami-2.2.1/src/libswami/SwamiMidiDevice.h:63:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    gboolean(*open)(SwamiMidiDevice *device, GError **err);
data/swami-2.2.1/src/libswami/SwamiPlugin.h:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4];		/* magic string to ensure sanity */
data/swami-2.2.1/src/libswami/SwamiWavetbl.c:295:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    g_return_val_if_fail(wavetbl_class->open != NULL, FALSE);
data/swami-2.2.1/src/libswami/SwamiWavetbl.c:302:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    retval = wavetbl_class->open(wavetbl, err);
data/swami-2.2.1/src/libswami/SwamiWavetbl.h:67:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    gboolean(*open)(SwamiWavetbl *wavetbl, GError **err);
data/swami-2.2.1/src/libswami/util.c:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char octavestr[3];
data/swami-2.2.1/src/libswami/util.c:143:5:  [2] (buffer) sprintf:
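  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: octavestr is declared as char[3] at util.c:137, while a %d
  conversion can produce up to 11 characters for a 32-bit int. The write
  stays in bounds only if the octave prints in two characters or fewer, so
  confirm that note is range-checked before this call.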
    sprintf (octavestr, "%d", MIDI_TO_MUSIC_OCT(note / 12));
data/swami-2.2.1/src/plugins/fftune_gui.c:692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char powerstr[6], freqstr[32], notestr[11], centsstr[16];
data/swami-2.2.1/src/plugins/fftune_gui.c:718:9:  [2] (buffer) sprintf:
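  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: powerstr is declared as char[6] at fftune_gui.c:692, so the
  "%0.2f" result must print in five characters or fewer. A ratio of 100 or
  more, or of -10 or less, would not fit; confirm that power / max_power is
  bounded.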
        sprintf(powerstr, "%0.2f", power / max_power);
data/swami-2.2.1/src/plugins/fftune_gui.c:719:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(freqstr, "%0.2f", freq);
data/swami-2.2.1/src/plugins/fftune_gui.c:720:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(centsstr, "%0.2f", cents);
data/swami-2.2.1/src/plugins/fftune_gui.c:724:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(notestr, "<0");
data/swami-2.2.1/src/plugins/fftune_gui.c:728:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(notestr, ">127");
data/swami-2.2.1/src/plugins/fftune_gui.c:732:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(notestr, "%d | ", note);
data/swami-2.2.1/src/plugins/fluidsynth.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[PRESET_NAME_LEN];		/* for presets */
data/swami-2.2.1/src/plugins/fluidsynth.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[PRESET_NAME_LEN];		/* for presets */
data/swami-2.2.1/src/plugins/fluidsynth.c:1151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[256];
data/swami-2.2.1/src/plugins/fluidsynth.c:1718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[16];			/* enough space to store printf "&%p" */
data/swami-2.2.1/src/plugins/fluidsynth.c:1951:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[256];	/* using static buffer so info string can be freed */
data/swami-2.2.1/src/plugins/fluidsynth.c:2059:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[256]; /* return string is static */
data/swami-2.2.1/src/plugins/fluidsynth.c:2408:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(wavetbl->rt_sel_values, sel_values,
data/swami-2.2.1/src/plugins/fluidsynth.c:2410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(wavetbl->rt_voices, fluid_voices,
data/swami-2.2.1/src/plugins/fluidsynth_gui.c:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[32];
data/swami-2.2.1/src/plugins/fluidsynth_gui.c:340:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(namebuf, "Knob");
data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.c:181:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mod->vars, default_vars, sizeof(SwamiguiCanvasModVars)
data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:558:18:  [2] (buffer) char:
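  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: this declaration is an array of two pointers to string
  literals, not a character buffer, so the overflow concern does not apply as
  stated; what remains to check is that indexes into it stay within 0..1. The
  same holds for the other name_* hits in SwamiguiModEdit.c and for groups[2]
  at patch_funcs.c:164.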
    static const char * name_pix_src[2] = {"PIXSrc", "PIXAmtSrc"};
data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:559:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * name_hbx_box[2] = {"HBXSrc", "HBXAmtSrc"};
data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:560:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * name_com_src_ctrl[2] = {"COMSrcCtrl", "COMAmtCtrl"};
data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:1578:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * name_pix_src[2] = {"PIXSrc", "PIXAmtSrc"};
data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:1579:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * name_com_src_ctrl[2] = {"COMSrcCtrl", "COMAmtCtrl"};
data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char notestr[9] = { 0 };
data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:90:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(notestr, "%d | ", note);
data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:123:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char  white_key_infos[7] =
data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:149:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char  note_key_infos[12] =
data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char midiNote[5];
data/swami-2.2.1/src/swamigui/SwamiguiPref.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char notename[16];
data/swami-2.2.1/src/swamigui/SwamiguiPref.c:646:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char notename[16];
data/swami-2.2.1/src/swamigui/SwamiguiRoot.c:1942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datestr[64];
data/swami-2.2.1/src/swamigui/SwamiguiSplits.c:1030:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lstr[5], hstr[5];
data/swami-2.2.1/src/swamigui/patch_funcs.c:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *groups[2] = { SWAMIGUI_ROOT_INSTRUMENT_FILES_GROUP, NULL };
data/swami-2.2.1/src/swamigui/swami_python.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *new_argv[argc];
data/swami-2.2.1/src/swamigui/tools/cdump.c:30:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(pszFileName, "rb");
data/swami-2.2.1/src/swamigui/tools/cdump.c:53:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(pszFileName, "rb");
data/swami-2.2.1/src/swamigui/util.c:426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(object_ids, dep_ids, count * sizeof(char *));
data/swami-2.2.1/src/swamigui/util.c:521:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(depids, bag->deparray->pdata, bag->deparray->len * sizeof(gpointer));
data/swami-2.2.1/src/plugins/fftune_gui.c:733:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            swami_util_midi_note_to_str(note, notestr + strlen(notestr));
data/swami-2.2.1/src/plugins/fluidsynth.c:380:5:  [1] (buffer) strncpy:
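  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: with the count equal to PRESET_NAME_LEN, name is \0-terminated
  only if the source string is shorter than PRESET_NAME_LEN (its value is not
  shown in this report). The same applies to the fluidsynth.c:395 hit.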
    strncpy(reverb_presets[0].name, N_("Default"), PRESET_NAME_LEN);
data/swami-2.2.1/src/plugins/fluidsynth.c:395:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(chorus_presets[0].name, N_("Default"), PRESET_NAME_LEN);
data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.c:563:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_return_if_fail(action_id != NULL && strlen(action_id) > 0);
data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:91:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        swami_util_midi_note_to_str(note, notestr + strlen(notestr));
data/swami-2.2.1/src/swamigui/SwamiguiTree.c:1730:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tree->search_end_pos = startpos + strlen(search);
data/swami-2.2.1/src/swamigui/icons.c:58:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int prefix_len = strlen("swamigui_");
data/swami-2.2.1/src/swamigui/patch_funcs.c:129:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(path && strlen(path))
data/swami-2.2.1/src/swamigui/patch_funcs.c:834:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(path_sample_export && strlen(path_sample_export))
data/swami-2.2.1/src/swamigui/util.c:767:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    newstr = g_new(char, strlen(str) + 1);

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 59146 in approximately 1.26 seconds (47051 lines/second)
Physical Source Lines of Code (SLOC) = 39120
Hits@level = [0]  17 [1]  10 [2]  47 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  80 [1+]  63 [2+]  53 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 2.04499 [1+] 1.61043 [2+] 1.35481 [3+] 0.153374 [4+] 0.153374 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.