Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/swh-plugins-0.4.17/acconfig.h
Examining data/swh-plugins-0.4.17/gsm/add.c
Examining data/swh-plugins-0.4.17/gsm/code.c
Examining data/swh-plugins-0.4.17/gsm/config.h
Examining data/swh-plugins-0.4.17/gsm/decode.c
Examining data/swh-plugins-0.4.17/gsm/gsm.h
Examining data/swh-plugins-0.4.17/gsm/gsm_create.c
Examining data/swh-plugins-0.4.17/gsm/gsm_decode.c
Examining data/swh-plugins-0.4.17/gsm/gsm_destroy.c
Examining data/swh-plugins-0.4.17/gsm/gsm_encode.c
Examining data/swh-plugins-0.4.17/gsm/gsm_option.c
Examining data/swh-plugins-0.4.17/gsm/long_term.c
Examining data/swh-plugins-0.4.17/gsm/lpc.c
Examining data/swh-plugins-0.4.17/gsm/preprocess.c
Examining data/swh-plugins-0.4.17/gsm/private.h
Examining data/swh-plugins-0.4.17/gsm/proto.h
Examining data/swh-plugins-0.4.17/gsm/rpe.c
Examining data/swh-plugins-0.4.17/gsm/short_term.c
Examining data/swh-plugins-0.4.17/gsm/table.c
Examining data/swh-plugins-0.4.17/gsm/unproto.h
Examining data/swh-plugins-0.4.17/gverb/gverb-test.c
Examining data/swh-plugins-0.4.17/gverb/gverb.c
Examining data/swh-plugins-0.4.17/gverb/gverb.h
Examining data/swh-plugins-0.4.17/gverb/gverbdsp.c
Examining data/swh-plugins-0.4.17/gverb/gverbdsp.h
Examining data/swh-plugins-0.4.17/impulses/01-unit.h
Examining data/swh-plugins-0.4.17/impulses/02-steves-flat.h
Examining data/swh-plugins-0.4.17/impulses/03-stk-m1.h
Examining data/swh-plugins-0.4.17/impulses/04-fender-68-vibrolux-sm57.h
Examining data/swh-plugins-0.4.17/impulses/05-fender-68-vibrolux-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/06-fender-68-vibrolux-at4050.h
Examining data/swh-plugins-0.4.17/impulses/07-fender-68-vibrolux-ui87.h
Examining data/swh-plugins-0.4.17/impulses/08-fender-bassman-sm57.h
Examining data/swh-plugins-0.4.17/impulses/09-fender-bassman-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/10-fender-bassman-at4050.h
Examining data/swh-plugins-0.4.17/impulses/11-fender-bassman-ui87.h
Examining data/swh-plugins-0.4.17/impulses/12-fender-superchamp-sm57.h
Examining data/swh-plugins-0.4.17/impulses/13-fender-superchamp-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/14-fender-superchamp-at4050.h
Examining data/swh-plugins-0.4.17/impulses/15-fender-superchamp-ui87.h
Examining data/swh-plugins-0.4.17/impulses/16-marshall-jcm2000-sm57.h
Examining data/swh-plugins-0.4.17/impulses/17-marshall-jcm2000-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/18-marshall-plexi-sm57.h
Examining data/swh-plugins-0.4.17/impulses/19-marshall-plexi-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/20-matchless-chieftain-sm57.h
Examining data/swh-plugins-0.4.17/impulses/21-matchless-chieftain-sm57-off.h
Examining data/swh-plugins-0.4.17/impulses/all.h
Examining data/swh-plugins-0.4.17/ladspa-util.h
Examining data/swh-plugins-0.4.17/ladspa.h
Examining data/swh-plugins-0.4.17/util/biquad.h
Examining data/swh-plugins-0.4.17/util/blo.c
Examining data/swh-plugins-0.4.17/util/blo.h
Examining data/swh-plugins-0.4.17/util/buffer.c
Examining data/swh-plugins-0.4.17/util/buffer.h
Examining data/swh-plugins-0.4.17/util/db.c
Examining data/swh-plugins-0.4.17/util/db.h
Examining data/swh-plugins-0.4.17/util/iir.c
Examining data/swh-plugins-0.4.17/util/iir.h
Examining data/swh-plugins-0.4.17/util/ls_filter.h
Examining data/swh-plugins-0.4.17/util/pitchscale.c
Examining data/swh-plugins-0.4.17/util/pitchscale.h
Examining data/swh-plugins-0.4.17/util/rms.c
Examining data/swh-plugins-0.4.17/util/rms.h
Examining data/swh-plugins-0.4.17/util/waveguide_nl.h
FINAL RESULTS:
data/swh-plugins-0.4.17/gverb/gverb-test.c:75:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > RAND_MAX / 5) {
data/swh-plugins-0.4.17/gsm/add.c:98:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const bitoff[ 256 ] = {
data/swh-plugins-0.4.17/gsm/code.c:17:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern char * memcpy P((char *, char *, int));
data/swh-plugins-0.4.17/gsm/code.c:98:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy( (char *)S->dp0, (char *)(S->dp0 + 160),
data/swh-plugins-0.4.17/util/blo.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shm_path[128];
data/swh-plugins-0.4.17/util/iir.h:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outdata, indata, numSampsToProcess*sizeof(float));
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 26423 in approximately 1.65 seconds (16030 lines/second)
Physical Source Lines of Code (SLOC) = 23507
Hits@level = [0] 4 [1] 0 [2] 5 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 10 [1+] 6 [2+] 6 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.425405 [1+] 0.255243 [2+] 0.255243 [3+] 0.0425405 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.