Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vo-amrwbenc-0.1.3/common/include/voMem.h
Examining data/vo-amrwbenc-0.1.3/common/include/voAAC.h
Examining data/vo-amrwbenc-0.1.3/common/include/voType.h
Examining data/vo-amrwbenc-0.1.3/common/include/voAudio.h
Examining data/vo-amrwbenc-0.1.3/common/include/voIndex.h
Examining data/vo-amrwbenc-0.1.3/common/include/voAMRWB.h
Examining data/vo-amrwbenc-0.1.3/common/include/cmnMemory.h
Examining data/vo-amrwbenc-0.1.3/common/cmnMemory.c
Examining data/vo-amrwbenc-0.1.3/amrwb-enc.c
Examining data/vo-amrwbenc-0.1.3/wavreader.h
Examining data/vo-amrwbenc-0.1.3/enc_if.h
Examining data/vo-amrwbenc-0.1.3/wrapper.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/SoftAMRWBEncoder.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/SoftAMRWBEncoder.cpp
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/log2_tab.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/p_med_o.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/typedef.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/wb_vad.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/basic_op.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/wb_vad_c.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/cod_main.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/main.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/dtx.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/log2.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/math_op.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/cnst.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/typedefs.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/stream.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/acelp.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/q_pulse.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/oper_32b.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/mem_align.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/inc/bits.h
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/wb_vad.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/pitch_f4.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/isp_az.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/qisf_ns.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/syn_filt.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/c4t64fx.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/util.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/weight_a.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/levinson.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/g_pitch.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/lp_dec2.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/homing.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/scale.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/hp50.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/pit_shrp.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/pred_lt4.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/voAMRWBEnc.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/cor_h_x.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/convolve.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/hp_wsp.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/qpisf_2s.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/p_med_ol.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/az_isp.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/mem_align.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/random.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/oper_32b.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/q_pulse.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/updt_tar.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/autocorr.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/preemph.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/residu.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/gpclip.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/hp6k.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/bits.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/lag_wind.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/deemph.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/log2.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/int_lpc.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/hp400.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/math_op.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/dtx.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/q_gain2.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/decim54.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/stream.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/isp_isf.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/voicefac.c
Examining data/vo-amrwbenc-0.1.3/amrwbenc/src/c2t64fx.c
Examining data/vo-amrwbenc-0.1.3/wavreader.c
FINAL RESULTS:
data/vo-amrwbenc-0.1.3/amrwb-enc.c:70:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "r:d")) != -1) {
data/vo-amrwbenc-0.1.3/amrwb-enc.c:45:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rate = atoi(str);
data/vo-amrwbenc-0.1.3/amrwb-enc.c:117:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(outfile, "wb");
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:32:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char InputBuf[INPUT_SIZE];
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:33:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char OutputBuf[OUTPUT_SIZE];
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:110:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fsrc = fopen (srcfile, "rb")) == NULL)
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:116:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdst = fopen (dstfile, "wb")) == NULL)
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuf, VOAMRWB_RFC3267_HEADER_INFO, size1);
data/vo-amrwbenc-0.1.3/amrwbenc/SoftAMRWBEncoder.cpp:357:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)mInputFrame + mInputSize, inData, copy);
data/vo-amrwbenc-0.1.3/common/cmnMemory.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pDest, pSource, uSize);
data/vo-amrwbenc-0.1.3/wavreader.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wr->wav = fopen(filename, "rb");
data/vo-amrwbenc-0.1.3/amrwb-enc.c:125:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read, i, n;
data/vo-amrwbenc-0.1.3/amrwb-enc.c:130:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read /= channels;
data/vo-amrwbenc-0.1.3/amrwb-enc.c:131:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read /= 2;
data/vo-amrwbenc-0.1.3/amrwb-enc.c:132:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 320)
data/vo-amrwbenc-0.1.3/amrwbenc/SampleCode/AMRWB_E_SAMPLE.c:190:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size1 = (int)strlen(VOAMRWB_RFC3267_HEADER_INFO);
data/vo-amrwbenc-0.1.3/wavreader.c:41:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-amrwbenc-0.1.3/wavreader.c:42:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-amrwbenc-0.1.3/wavreader.c:43:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-amrwbenc-0.1.3/wavreader.c:44:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-amrwbenc-0.1.3/wavreader.c:50:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 0;
data/vo-amrwbenc-0.1.3/wavreader.c:51:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 8;
data/vo-amrwbenc-0.1.3/wavreader.c:52:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 16;
data/vo-amrwbenc-0.1.3/wavreader.c:53:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 24;
data/vo-amrwbenc-0.1.3/wavreader.c:59:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 0;
data/vo-amrwbenc-0.1.3/wavreader.c:60:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 8;
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 16007 in approximately 0.50 seconds (31829 lines/second)
Physical Source Lines of Code (SLOC) = 9637
Hits@level = [0] 67 [1] 15 [2] 10 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 93 [1+] 26 [2+] 11 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.65031 [1+] 2.69794 [2+] 1.14143 [3+] 0.103767 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.