Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/wavpack-5.3.0/include/wavpack.h Examining data/wavpack-5.3.0/src/read_words.c Examining data/wavpack-5.3.0/src/pack_dsd.c Examining data/wavpack-5.3.0/src/open_filename.c Examining data/wavpack-5.3.0/src/unpack3_open.c Examining data/wavpack-5.3.0/src/open_raw.c Examining data/wavpack-5.3.0/src/pack.c Examining data/wavpack-5.3.0/src/unpack_seek.c Examining data/wavpack-5.3.0/src/open_legacy.c Examining data/wavpack-5.3.0/src/pack_utils.c Examining data/wavpack-5.3.0/src/write_words.c Examining data/wavpack-5.3.0/src/common_utils.c Examining data/wavpack-5.3.0/src/decorr_tables.h Examining data/wavpack-5.3.0/src/unpack3.c Examining data/wavpack-5.3.0/src/entropy_utils.c Examining data/wavpack-5.3.0/src/unpack_floats.c Examining data/wavpack-5.3.0/src/unpack_utils.c Examining data/wavpack-5.3.0/src/decorr_utils.c Examining data/wavpack-5.3.0/src/wavpack_version.h Examining data/wavpack-5.3.0/src/extra1.c Examining data/wavpack-5.3.0/src/unpack3.h Examining data/wavpack-5.3.0/src/pack_floats.c Examining data/wavpack-5.3.0/src/pack_dns.c Examining data/wavpack-5.3.0/src/unpack_dsd.c Examining data/wavpack-5.3.0/src/extra2.c Examining data/wavpack-5.3.0/src/unpack.c Examining data/wavpack-5.3.0/src/unpack3_seek.c Examining data/wavpack-5.3.0/src/tag_utils.c Examining data/wavpack-5.3.0/src/wavpack_local.h Examining data/wavpack-5.3.0/src/tags.c Examining data/wavpack-5.3.0/src/open_utils.c Examining data/wavpack-5.3.0/cli/dsf.c Examining data/wavpack-5.3.0/cli/wave64.c Examining data/wavpack-5.3.0/cli/riff_write.c Examining data/wavpack-5.3.0/cli/win32_unicode_support.h Examining data/wavpack-5.3.0/cli/wavpack.c Examining data/wavpack-5.3.0/cli/md5.c Examining data/wavpack-5.3.0/cli/utils.c Examining data/wavpack-5.3.0/cli/caff.c Examining data/wavpack-5.3.0/cli/md5.h Examining data/wavpack-5.3.0/cli/wvtest.c Examining 
data/wavpack-5.3.0/cli/utils.h Examining data/wavpack-5.3.0/cli/riff.c Examining data/wavpack-5.3.0/cli/win32_unicode_support.c Examining data/wavpack-5.3.0/cli/dsf_write.c Examining data/wavpack-5.3.0/cli/wvtag.c Examining data/wavpack-5.3.0/cli/wvunpack.c Examining data/wavpack-5.3.0/cli/wave64_write.c Examining data/wavpack-5.3.0/cli/dsdiff.c Examining data/wavpack-5.3.0/cli/wvgain.c Examining data/wavpack-5.3.0/cli/import_id3.c Examining data/wavpack-5.3.0/cli/dsdiff_write.c Examining data/wavpack-5.3.0/cli/caff_write.c FINAL RESULTS: data/wavpack-5.3.0/cli/import_id3.c:237:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (error, WavpackGetErrorMessage (wpc)); data/wavpack-5.3.0/cli/import_id3.c:248:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (error, WavpackGetErrorMessage (wpc)); data/wavpack-5.3.0/cli/import_id3.c:323:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (binary_tag_image, item); data/wavpack-5.3.0/cli/import_id3.c:324:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (binary_tag_image, extension); data/wavpack-5.3.0/cli/import_id3.c:328:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (error, WavpackGetErrorMessage (wpc)); data/wavpack-5.3.0/cli/utils.c:36:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf fprintf_utf8 data/wavpack-5.3.0/cli/utils.c:194:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (filespec, globs.gl_pathv[0]); data/wavpack-5.3.0/cli/utils.c:388:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (app_path, file_path); data/wavpack-5.3.0/cli/utils.c:426:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (app_path, file_path); data/wavpack-5.3.0/cli/utils.c:438:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf (error_msg + 1, error, argptr); data/wavpack-5.3.0/cli/utils.c:482:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf (error_msg + 1, error, argptr); data/wavpack-5.3.0/cli/wavpack.c:52:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf fprintf_utf8 data/wavpack-5.3.0/cli/wavpack.c:333:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (selfname, *argv); data/wavpack-5.3.0/cli/wavpack.c:753:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (tag_arg, "%s=WavPack %s", *argv, PACKAGE_VERSION); data/wavpack-5.3.0/cli/wavpack.c:761:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tag_arg, "%s=%s", *argv, settings); data/wavpack-5.3.0/cli/wavpack.c:776:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag_items [i].value, cp + 1); data/wavpack-5.3.0/cli/wavpack.c:791:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wavpack.c:795:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (matches [num_files], (config.qmode & QMODE_RAW_PCM) ? ".raw" : ".wav"); data/wavpack-5.3.0/cli/wavpack.c:801:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename, *argv); data/wavpack-5.3.0/cli/wavpack.c:805:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out2filename, *argv); data/wavpack-5.3.0/cli/wavpack.c:814:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (outfilename, *argv); data/wavpack-5.3.0/cli/wavpack.c:820:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wavpack.c:824:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (matches [num_files], (config.qmode & QMODE_RAW_PCM) ? ".raw" : ".wav"); data/wavpack-5.3.0/cli/wavpack.c:892:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, version_warning, WavpackGetLibraryVersionString (), PACKAGE_VERSION); data/wavpack-5.3.0/cli/wavpack.c:896:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, sign_on, VERSION_OS, WavpackGetLibraryVersionString ()); data/wavpack-5.3.0/cli/wavpack.c:918:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, matches [0]); data/wavpack-5.3.0/cli/wavpack.c:919:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (temp), fn); data/wavpack-5.3.0/cli/wavpack.c:927:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (temp, outfilename); data/wavpack-5.3.0/cli/wavpack.c:928:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (temp), fn); data/wavpack-5.3.0/cli/wavpack.c:978:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag_items [i].value, tag_items [i].item); data/wavpack-5.3.0/cli/wavpack.c:981:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (tag_items [i].value, tag_items [i].ext); data/wavpack-5.3.0/cli/wavpack.c:1120:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [file_index], infilename); data/wavpack-5.3.0/cli/wavpack.c:1122:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (matches [file_index], name_utf8); data/wavpack-5.3.0/cli/wavpack.c:1230:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outfilename, filespec_name (matches [file_index])); data/wavpack-5.3.0/cli/wavpack.c:1237:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (outfilename, matches [file_index]); data/wavpack-5.3.0/cli/wavpack.c:1251:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out2filename, outfilename); data/wavpack-5.3.0/cli/wavpack.c:1256:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, outfilename); data/wavpack-5.3.0/cli/wavpack.c:1257:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (temp), filespec_name (out2filename)); data/wavpack-5.3.0/cli/wavpack.c:1258:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out2filename, temp); data/wavpack-5.3.0/cli/wavpack.c:1442:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matchname, filename); data/wavpack-5.3.0/cli/wavpack.c:1443:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (matchname), name_utf8); data/wavpack-5.3.0/cli/wavpack.c:1484:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (matchname, globbuf.gl_pathv [i]); data/wavpack-5.3.0/cli/wavpack.c:1671:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename_temp, outfilename); data/wavpack-5.3.0/cli/wavpack.c:1679:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outfilename_temp, filespec_ext (outfilename)); data/wavpack-5.3.0/cli/wavpack.c:1700:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out2filename_temp, outfilename_temp); data/wavpack-5.3.0/cli/wavpack.c:2727:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename_temp, outfilename); data/wavpack-5.3.0/cli/wavpack.c:2735:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outfilename_temp, filespec_ext (outfilename)); data/wavpack-5.3.0/cli/wavpack.c:2752:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out2filename_temp, outfilename_temp); data/wavpack-5.3.0/cli/wavpack.c:2988:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (value, "WavPack %s", PACKAGE_VERSION); data/wavpack-5.3.0/cli/wavpack.c:3094:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (in2filename, infilename); data/wavpack-5.3.0/cli/wavpack.c:3687:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (settings + strlen (settings), " --pre-quantize%s=%d", data/wavpack-5.3.0/cli/win32_unicode_support.c:128:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf (string_buffer, sizeof (string_buffer), format, argptr); data/wavpack-5.3.0/cli/wvgain.c:56:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf fprintf_utf8 data/wavpack-5.3.0/cli/wvgain.c:150:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (selfname, *argv); data/wavpack-5.3.0/cli/wvgain.c:234:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wvgain.c:256:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf (stderr, version_warning, WavpackGetLibraryVersionString (), PACKAGE_VERSION); data/wavpack-5.3.0/cli/wvgain.c:260:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, sign_on, VERSION_OS, WavpackGetLibraryVersionString ()); data/wavpack-5.3.0/cli/wvgain.c:370:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [file_index], infilename); data/wavpack-5.3.0/cli/wvgain.c:372:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (matches [file_index], name_utf8); data/wavpack-5.3.0/cli/wvtag.c:52:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf fprintf_utf8 data/wavpack-5.3.0/cli/wvtag.c:59:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/wavpack-5.3.0/cli/wvtag.c:59:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/wavpack-5.3.0/cli/wvtag.c:202:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (selfname, *argv); data/wavpack-5.3.0/cli/wvtag.c:343:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag_items [i].value, cp + 1); data/wavpack-5.3.0/cli/wvtag.c:372:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wvtag.c:406:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, version_warning, WavpackGetLibraryVersionString (), PACKAGE_VERSION); data/wavpack-5.3.0/cli/wvtag.c:410:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, sign_on, VERSION_OS, WavpackGetLibraryVersionString ()); data/wavpack-5.3.0/cli/wvtag.c:434:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, matches [0]); data/wavpack-5.3.0/cli/wvtag.c:435:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (temp), fn); data/wavpack-5.3.0/cli/wvtag.c:485:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (tag_items [i].value, tag_items [i].item); data/wavpack-5.3.0/cli/wvtag.c:488:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (tag_items [i].value, tag_items [i].ext); data/wavpack-5.3.0/cli/wvtag.c:624:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [file_index], infilename); data/wavpack-5.3.0/cli/wvtag.c:626:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (matches [file_index], name_utf8); data/wavpack-5.3.0/cli/wvtag.c:914:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag_extractions [num_tag_extractions], spec); data/wavpack-5.3.0/cli/wvtag.c:939:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (full_filename, outfilename); data/wavpack-5.3.0/cli/wvtag.c:948:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dst, filespec_name (outfilename)); data/wavpack-5.3.0/cli/wvtag.c:959:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (dst, tag_filename); data/wavpack-5.3.0/cli/wvtag.c:971:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dst, filespec_ext (tag_filename) + 1); data/wavpack-5.3.0/cli/wvtag.c:989:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (full_filename), tag_filename); data/wavpack-5.3.0/cli/wvtag.c:1220:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, sanitized_tag_value); data/wavpack-5.3.0/cli/wvtag.c:1605:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matchname, filename); data/wavpack-5.3.0/cli/wvtag.c:1606:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (matchname), name_utf8); data/wavpack-5.3.0/cli/wvtag.c:1647:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matchname, globbuf.gl_pathv [i]); data/wavpack-5.3.0/cli/wvtest.c:239:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf (version_warning, WavpackGetLibraryVersionString (), PACKAGE_VERSION); data/wavpack-5.3.0/cli/wvtest.c:241:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (sign_on, VERSION_OS, WavpackGetLibraryVersionString ()); data/wavpack-5.3.0/cli/wvtest.c:800:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filename_c, filename); data/wavpack-5.3.0/cli/wvunpack.c:54:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf fprintf_utf8 data/wavpack-5.3.0/cli/wvunpack.c:59:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/wavpack-5.3.0/cli/wvunpack.c:59:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/wavpack-5.3.0/cli/wvunpack.c:261:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (selfname, *argv); data/wavpack-5.3.0/cli/wvunpack.c:497:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wvunpack.c:507:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename, *argv); data/wavpack-5.3.0/cli/wvunpack.c:516:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename, *argv); data/wavpack-5.3.0/cli/wvunpack.c:522:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [num_files], *argv); data/wavpack-5.3.0/cli/wvunpack.c:578:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, version_warning, WavpackGetLibraryVersionString (), PACKAGE_VERSION); data/wavpack-5.3.0/cli/wvunpack.c:582:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, sign_on, VERSION_OS, WavpackGetLibraryVersionString ()); data/wavpack-5.3.0/cli/wvunpack.c:692:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (matches [file_index], infilename); data/wavpack-5.3.0/cli/wvunpack.c:694:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (matches [file_index], name_utf8); data/wavpack-5.3.0/cli/wvunpack.c:778:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outfilename, filespec_name (matches [file_index])); data/wavpack-5.3.0/cli/wvunpack.c:785:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outfilename, matches [file_index]); data/wavpack-5.3.0/cli/wvunpack.c:978:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*tempfilename, filename); data/wavpack-5.3.0/cli/wvunpack.c:986:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (*tempfilename, filespec_ext (filename)); data/wavpack-5.3.0/cli/wvunpack.c:1254:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (outfilename, extension); data/wavpack-5.3.0/cli/wvunpack.c:1526:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (in2filename, infilename); data/wavpack-5.3.0/cli/wvunpack.c:1833:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (tag_extractions [num_tag_extractions], spec); data/wavpack-5.3.0/cli/wvunpack.c:1858:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (full_filename, outfilename); data/wavpack-5.3.0/cli/wvunpack.c:1867:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dst, filespec_name (outfilename)); data/wavpack-5.3.0/cli/wvunpack.c:1878:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dst, tag_filename); data/wavpack-5.3.0/cli/wvunpack.c:1890:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dst, filespec_ext (tag_filename) + 1); data/wavpack-5.3.0/cli/wvunpack.c:1908:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filespec_name (full_filename), tag_filename); data/wavpack-5.3.0/cli/wvunpack.c:2231:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (modes, si < 18 ? speakers [si] : "--"); data/wavpack-5.3.0/cli/wvunpack.c:2261:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (modes, (WavpackGetMode (wpc) & MODE_LOSSLESS) ? "lossless" : "lossy");
data/wavpack-5.3.0/cli/wvunpack.c:2277:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (modes, xmode);
data/wavpack-5.3.0/cli/wvunpack.c:2506:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (str + strlen (str), "%s", (WavpackGetMode (wpc) & MODE_FLOAT) ? "float" : "int");
data/wavpack-5.3.0/cli/wvunpack.c:2532:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (str + strlen (str), "%s", md5_string);
data/wavpack-5.3.0/cli/wvunpack.c:2614:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fname, sanitized_tag_value);
data/wavpack-5.3.0/src/extra1.c:697:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (string, substring);
data/wavpack-5.3.0/src/extra2.c:908:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (string, "%s: terms =",
data/wavpack-5.3.0/src/extra2.c:922:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (string, substring);
data/wavpack-5.3.0/src/open_filename.c:246:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (error) strcpy (error, (flags & OPEN_EDIT_TAGS) ? "can't open file for editing" : "can't open file");
data/wavpack-5.3.0/src/open_filename.c:253:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (in2filename, infilename);
data/wavpack-5.3.0/src/open_utils.c:174:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (error) strcpy (error, wpc->error_message [0] ? wpc->error_message :
data/wavpack-5.3.0/src/pack_utils.c:64:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (wpc->file_extension, file_extension);
data/wavpack-5.3.0/src/tag_utils.c:312:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (value, lvalue);
data/wavpack-5.3.0/src/tag_utils.c:395:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (item, lvalue);
data/wavpack-5.3.0/src/tag_utils.c:445:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ((char *) p, item);
data/wavpack-5.3.0/cli/utils.c:394:16: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hinstLib = LoadLibrary ("shell32.dll");
data/wavpack-5.3.0/cli/utils.c:413:20: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hinstLib = LoadLibrary ("shfolder.dll");
data/wavpack-5.3.0/cli/wvtest.c:1238:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1238:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1239:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1239:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1240:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1240:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = ((random << 4) - random) ^ 1;
data/wavpack-5.3.0/cli/wvtest.c:1241:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return (random >> 32) / 4294967296.0;
data/wavpack-5.3.0/cli/caff.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mFileType [4];
data/wavpack-5.3.0/cli/caff.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mChunkType [4];
data/wavpack-5.3.0/cli/caff.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mFormatID [4];
data/wavpack-5.3.0/cli/caff.c:162:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&caf_file_header, fourcc, 4);
data/wavpack-5.3.0/cli/caff.c:221:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char formatstr [5];
data/wavpack-5.3.0/cli/caff.c:223:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (formatstr, caf_audio_format.mFormatID, 4);
data/wavpack-5.3.0/cli/caff.c:433:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. channel_reorder = (unsigned char *) strdup (layouts [i].mChannelReorder);
data/wavpack-5.3.0/cli/caff.c:438:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. channel_identities = (unsigned char *) strdup (layouts [i].mChannelIdentities);
data/wavpack-5.3.0/cli/caff_write.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mFileType [4];
data/wavpack-5.3.0/cli/caff_write.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mChunkType [4];
data/wavpack-5.3.0/cli/caff_write.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mFormatID [4];
data/wavpack-5.3.0/cli/dsdiff.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formType [4];
data/wavpack-5.3.0/cli/dsdiff.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compressionType [4];
data/wavpack-5.3.0/cli/dsdiff.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&dff_file_header, fourcc, 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char formType [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compressionType [4];
data/wavpack-5.3.0/cli/dsdiff_write.c:101:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, num_channels <= 2 ? "SLFT" : "MLFT", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:103:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, num_channels <= 2 ? "SRGT" : "MRGT", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:105:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, "C ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:107:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, "LFE ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:109:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, "LS ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:111:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cptr, "RS ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file_header.ckID, "FRM8", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:135:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file_header.formType, "DSD ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prop_header.ckID, "PROP", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:139:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (prop_header.formType, "SND ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ver_chunk.ckID, "FVER", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:145:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fs_chunk.ckID, "FS ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:149:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chan_header.ckID, "CHNL", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:153:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cmpr_header.ckID, "CMPR", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cmpr_header.compressionType, "DSD ", 4);
data/wavpack-5.3.0/cli/dsdiff_write.c:157:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data_header.ckID, "DSD ", 4);
data/wavpack-5.3.0/cli/dsf.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ckID [4];
data/wavpack-5.3.0/cli/dsf.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsf.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsf.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&file_chunk, fourcc, 4);
data/wavpack-5.3.0/cli/dsf_write.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsf_write.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsf_write.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4];
data/wavpack-5.3.0/cli/dsf_write.c:90:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file_chunk.ckID, "DSD ", 4);
data/wavpack-5.3.0/cli/dsf_write.c:95:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (format_chunk.ckID, "fmt ", 4);
data/wavpack-5.3.0/cli/dsf_write.c:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (chunk_header.ckID, "data", 4);
data/wavpack-5.3.0/cli/import_id3.c:70:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id3_header [10];
data/wavpack-5.3.0/cli/import_id3.c:76:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "can't read tag header");
data/wavpack-5.3.0/cli/import_id3.c:85:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "no ID3v2 tag found");
data/wavpack-5.3.0/cli/import_id3.c:90:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (error, "not valid ID3v2.3");
data/wavpack-5.3.0/cli/import_id3.c:95:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unsynchonization detected");
data/wavpack-5.3.0/cli/import_id3.c:100:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "extended header detected");
data/wavpack-5.3.0/cli/import_id3.c:105:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "experimental indicator detected");
data/wavpack-5.3.0/cli/import_id3.c:110:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "not valid ID3v2.3 (bad size)");
data/wavpack-5.3.0/cli/import_id3.c:117:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "tag is truncated");
data/wavpack-5.3.0/cli/import_id3.c:122:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char frame_header [10], *frame_body;
data/wavpack-5.3.0/cli/import_id3.c:139:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "bad frame identity");
data/wavpack-5.3.0/cli/import_id3.c:144:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unknown frame_header flag set");
data/wavpack-5.3.0/cli/import_id3.c:154:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "empty frame not allowed");
data/wavpack-5.3.0/cli/import_id3.c:159:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "can't read frame body");
data/wavpack-5.3.0/cli/import_id3.c:165:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (frame_body, tag_data, frame_size);
data/wavpack-5.3.0/cli/import_id3.c:171:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char *utf8_strings [2];
data/wavpack-5.3.0/cli/import_id3.c:210:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unknown character encoding");
data/wavpack-5.3.0/cli/import_id3.c:236:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (wpc && !WavpackAppendTagItem (wpc, (char *) utf8_strings [0], (char *) utf8_strings [1], (int) strlen ((char *) utf8_strings [1]))) {
data/wavpack-5.3.0/cli/import_id3.c:236:88: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (wpc && !WavpackAppendTagItem (wpc, (char *) utf8_strings [0], (char *) utf8_strings [1], (int) strlen ((char *) utf8_strings [1]))) {
data/wavpack-5.3.0/cli/import_id3.c:236:129: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (wpc && !WavpackAppendTagItem (wpc, (char *) utf8_strings [0], (char *) utf8_strings [1], (int) strlen ((char *) utf8_strings [1]))) {
data/wavpack-5.3.0/cli/import_id3.c:242:68: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen ((char *) utf8_strings [1]) + 1);
data/wavpack-5.3.0/cli/import_id3.c:242:105: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen ((char *) utf8_strings [1]) + 1);
data/wavpack-5.3.0/cli/import_id3.c:246:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (!strncmp ((char *) frame_header, text_tag_table [i].id3_item, 4)) {
data/wavpack-5.3.0/cli/import_id3.c:247:98: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (wpc && !WavpackAppendTagItem (wpc, text_tag_table [i].ape_item, (char *) utf8_strings [0], (int) strlen ((char *) utf8_strings [0]))) {
data/wavpack-5.3.0/cli/import_id3.c:247:139: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
if (wpc && !WavpackAppendTagItem (wpc, text_tag_table [i].ape_item, (char *) utf8_strings [0], (int) strlen ((char *) utf8_strings [0]))) {
data/wavpack-5.3.0/cli/import_id3.c:253:76: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen (text_tag_table [i].ape_item) + 1);
data/wavpack-5.3.0/cli/import_id3.c:273:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unterminated picture mime type");
data/wavpack-5.3.0/cli/import_id3.c:278:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "no picture type");
data/wavpack-5.3.0/cli/import_id3.c:288:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unterminated picture description");
data/wavpack-5.3.0/cli/import_id3.c:293:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (error, "no picture data"); data/wavpack-5.3.0/cli/import_id3.c:325:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (binary_tag_image + binary_tag_size - frame_bytes, frame_ptr, frame_bytes); data/wavpack-5.3.0/cli/import_id3.c:338:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (error, "unhandled APIC character encoding"); data/wavpack-5.3.0/cli/import_id3.c:434:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (28591, 0, string, -1, temp, max_chars + 1); data/wavpack-5.3.0/cli/md5.c:234:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buffer[used], data, size); data/wavpack-5.3.0/cli/md5.c:238:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buffer[used], data, available); data/wavpack-5.3.0/cli/md5.c:249:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer, data, size); data/wavpack-5.3.0/cli/md5.h:37:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buffer[64]; data/wavpack-5.3.0/cli/riff.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/cli/riff.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/cli/riff.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk [28]; data/wavpack-5.3.0/cli/riff.c:69:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&riff_chunk_header, fourcc, 4); data/wavpack-5.3.0/cli/riff_write.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/cli/riff_write.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ckID [4]; data/wavpack-5.3.0/cli/riff_write.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk [28]; data/wavpack-5.3.0/cli/utils.c:381:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char file_path [MAX_PATH], tried, result; data/wavpack-5.3.0/cli/utils.c:433:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_msg [512]; data/wavpack-5.3.0/cli/utils.c:444:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path [MAX_PATH]; data/wavpack-5.3.0/cli/utils.c:448:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (file_path, "\\WavPack\\wavpack.log"); data/wavpack-5.3.0/cli/utils.c:449:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
error_log = fopen (file_path, "a+"); data/wavpack-5.3.0/cli/utils.c:453:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (file_path, "\\WavPack"); data/wavpack-5.3.0/cli/utils.c:456:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (file_path, "\\wavpack.log"); data/wavpack-5.3.0/cli/utils.c:457:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). error_log = fopen (file_path, "a+"); data/wavpack-5.3.0/cli/utils.c:463:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). error_log = fopen ("c:\\wavpack.log", "a+"); data/wavpack-5.3.0/cli/utils.c:477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_msg [512]; data/wavpack-5.3.0/cli/wave64.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [16]; data/wavpack-5.3.0/cli/wave64.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formType [16]; data/wavpack-5.3.0/cli/wave64.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [16]; data/wavpack-5.3.0/cli/wave64.c:35:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char riff_guid [16] = { 'r','i','f','f', 0x2e,0x91,0xcf,0x11,0xa5,0xd6,0x28,0xdb,0x04,0xc1,0x00,0x00 }; data/wavpack-5.3.0/cli/wave64.c:36:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char wave_guid [16] = { 'w','a','v','e', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64.c:37:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char fmt_guid [16] = { 'f','m','t',' ', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64.c:38:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char data_guid [16] = { 'd','a','t','a', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64.c:57:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&filehdr, fourcc, 4); data/wavpack-5.3.0/cli/wave64_write.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [16]; data/wavpack-5.3.0/cli/wave64_write.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formType [16]; data/wavpack-5.3.0/cli/wave64_write.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [16]; data/wavpack-5.3.0/cli/wave64_write.c:35:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char riff_guid [16] = { 'r','i','f','f', 0x2e,0x91,0xcf,0x11,0xa5,0xd6,0x28,0xdb,0x04,0xc1,0x00,0x00 }; data/wavpack-5.3.0/cli/wave64_write.c:36:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char wave_guid [16] = { 'w','a','v','e', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64_write.c:37:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char fmt_guid [16] = { 'f','m','t',' ', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64_write.c:38:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char data_guid [16] = { 'd','a','t','a', 0xf3,0xac,0xd3,0x11,0x8c,0xd1,0x00,0xc0,0x4f,0x8e,0xdb,0x8a }; data/wavpack-5.3.0/cli/wave64_write.c:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (filehdr.ckID, riff_guid, sizeof (riff_guid)); data/wavpack-5.3.0/cli/wave64_write.c:95:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (filehdr.formType, wave_guid, sizeof (wave_guid)); data/wavpack-5.3.0/cli/wave64_write.c:98:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (fmthdr.ckID, fmt_guid, sizeof (fmt_guid)); data/wavpack-5.3.0/cli/wave64_write.c:101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (datahdr.ckID, data_guid, sizeof (data_guid)); data/wavpack-5.3.0/cli/wavpack.c:55:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(f,m) fopen_utf8(f,m) data/wavpack-5.3.0/cli/wavpack.c:270:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char channel_order [18]; data/wavpack-5.3.0/cli/wavpack.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfname [MAX_PATH]; data/wavpack-5.3.0/cli/wavpack.c:495:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name [6], channel_error = 0; data/wavpack-5.3.0/cli/wavpack.c:757:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char settings [256], *tag_arg; data/wavpack-5.3.0/cli/wavpack.c:772:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tag_items [i].item, *argv, cp - *argv); data/wavpack-5.3.0/cli/wavpack.c:1033:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (infilename+1, "rb"); data/wavpack-5.3.0/cli/wavpack.c:1142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listbuff [PATH_MAX * 2], *lp = listbuff; data/wavpack-5.3.0/cli/wavpack.c:1143:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (outfilename+1, "rb"); data/wavpack-5.3.0/cli/wavpack.c:1244:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (outfilename, ".wv"); data/wavpack-5.3.0/cli/wavpack.c:1265:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (out2filename, ".wvc"); data/wavpack-5.3.0/cli/wavpack.c:1349:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argv_copy, argv_utf8, sizeof (char*) * argc_utf8); data/wavpack-5.3.0/cli/wavpack.c:1423:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen (filename, mode); data/wavpack-5.3.0/cli/wavpack.c:1453:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). res = fopen (matchname, mode); data/wavpack-5.3.0/cli/wavpack.c:1491:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). res = fopen (matchname, mode); data/wavpack-5.3.0/cli/wavpack.c:1516:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char md5_digest [16]; data/wavpack-5.3.0/cli/wavpack.c:1545:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((infile = fopen (infilename, "rb")) == NULL) { data/wavpack-5.3.0/cli/wavpack.c:1605:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (*outfilename != '-' && (wv_file.file = fopen (outfilename, "rb")) != NULL) { data/wavpack-5.3.0/cli/wavpack.c:1633:60: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (out2filename && !overwrite_all && (wvc_file.file = fopen (out2filename, "rb")) != NULL) { data/wavpack-5.3.0/cli/wavpack.c:1675:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (filespec_ext (outfilename_temp), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wavpack.c:1677:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filespec_ext (outfilename_temp), ".tmp"); data/wavpack-5.3.0/cli/wavpack.c:1683:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (outfilename_temp + strlen (outfilename_temp), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wavpack.c:1685:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (outfilename_temp, ".tmp"); data/wavpack-5.3.0/cli/wavpack.c:1688:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testfile = fopen (outfilename_temp, "rb"); data/wavpack-5.3.0/cli/wavpack.c:1703:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testfile = fopen (out2filename_temp, "rb"); data/wavpack-5.3.0/cli/wavpack.c:1736:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((wv_file.file = fopen (use_tempfiles ? outfilename_temp : outfilename, "w+b")) == NULL) { data/wavpack-5.3.0/cli/wavpack.c:1763:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fourcc [4]; data/wavpack-5.3.0/cli/wavpack.c:1805:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy [256]; data/wavpack-5.3.0/cli/wavpack.c:1862:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_channel_order, channel_order, num_channels_order); data/wavpack-5.3.0/cli/wavpack.c:1882:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((wvc_file.file = fopen (use_tempfiles ? out2filename_temp : out2filename, "w+b")) == NULL) { data/wavpack-5.3.0/cli/wavpack.c:1952:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wavpack.c:2035:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&chunk_header, wrapper_location, sizeof (ChunkHeader)); data/wavpack-5.3.0/cli/wavpack.c:2040:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wrapper_location, &chunk_header, sizeof (ChunkHeader)); data/wavpack-5.3.0/cli/wavpack.c:2041:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (&chunk_header, wrapper_location + wrapper_size - sizeof (ChunkHeader), sizeof (ChunkHeader)); data/wavpack-5.3.0/cli/wavpack.c:2048:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wrapper_location + wrapper_size - sizeof (ChunkHeader), &chunk_header, sizeof (ChunkHeader)); data/wavpack-5.3.0/cli/wavpack.c:2145:45: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (remove (outfilename) && (temp = fopen (outfilename, "rb"))) { data/wavpack-5.3.0/cli/wavpack.c:2161:50: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (remove (out2filename) && (temp = fopen (out2filename, "rb"))) { data/wavpack-5.3.0/cli/wavpack.c:2227:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *fext, *oper, *cmode, cratio [16] = ""; data/wavpack-5.3.0/cli/wavpack.c:2237:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string + 24 + (i * 2), "%02x", md5_digest [i]); data/wavpack-5.3.0/cli/wavpack.c:2257:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (cratio, ", %d kbps", (int) (WavpackGetAverageBitrate (wpc, TRUE) / 1000.0)); data/wavpack-5.3.0/cli/wavpack.c:2263:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cratio, ", %.2f%%", 100.0 - WavpackGetRatio (wpc) * 100.0); data/wavpack-5.3.0/cli/wavpack.c:2610:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_verify [16], md5_display [16]; data/wavpack-5.3.0/cli/wavpack.c:2616:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wavpack.c:2667:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (*outfilename != '-' && (wv_file.file = fopen (outfilename, "rb")) != NULL) { data/wavpack-5.3.0/cli/wavpack.c:2694:60: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (out2filename && !overwrite_all && (wvc_file.file = fopen (out2filename, "rb")) != NULL) { data/wavpack-5.3.0/cli/wavpack.c:2731:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (filespec_ext (outfilename_temp), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wavpack.c:2733:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filespec_ext (outfilename_temp), ".tmp"); data/wavpack-5.3.0/cli/wavpack.c:2739:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (outfilename_temp + strlen (outfilename_temp), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wavpack.c:2741:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (outfilename_temp, ".tmp"); data/wavpack-5.3.0/cli/wavpack.c:2744:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testfile = fopen (outfilename_temp, "rb"); data/wavpack-5.3.0/cli/wavpack.c:2755:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
testfile = fopen (out2filename_temp, "rb"); data/wavpack-5.3.0/cli/wavpack.c:2784:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((wv_file.file = fopen (use_tempfiles ? outfilename_temp : outfilename, "w+b")) == NULL) { data/wavpack-5.3.0/cli/wavpack.c:2847:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char order [256]; data/wavpack-5.3.0/cli/wavpack.c:2860:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((wvc_file.file = fopen (use_tempfiles ? out2filename_temp : out2filename, "w+b")) == NULL) { data/wavpack-5.3.0/cli/wavpack.c:2888:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_source [16]; data/wavpack-5.3.0/cli/wavpack.c:2903:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (md5_display, md5_verify, sizeof (md5_verify)); data/wavpack-5.3.0/cli/wavpack.c:2931:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wavpack.c:3092:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in2filename [PATH_MAX]; data/wavpack-5.3.0/cli/wavpack.c:3114:45: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (remove (outfilename) && (temp = fopen (outfilename, "rb"))) { data/wavpack-5.3.0/cli/wavpack.c:3130:50: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (remove (out2filename) && (temp = fopen (out2filename, "rb"))) { data/wavpack-5.3.0/cli/wavpack.c:3181:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *fext, *oper, *cmode, cratio [16] = ""; data/wavpack-5.3.0/cli/wavpack.c:3191:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string + 24 + (i * 2), "%02x", md5_display [i]); data/wavpack-5.3.0/cli/wavpack.c:3211:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (cratio, ", %d kbps", (int) (WavpackGetAverageBitrate (outfile, TRUE) / 1000.0)); data/wavpack-5.3.0/cli/wavpack.c:3217:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cratio, ", %.2f%%", 100.0 - WavpackGetRatio (outfile) * 100.0); data/wavpack-5.3.0/cli/wavpack.c:3405:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reorder_buffer [64], *temp = reorder_buffer; data/wavpack-5.3.0/cli/wavpack.c:3423:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (start, temp, num_chans * bytes_per_sample); data/wavpack-5.3.0/cli/wavpack.c:3443:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, temp, num_chans * sizeof (*data)); data/wavpack-5.3.0/cli/wavpack.c:3466:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest_result [16]; data/wavpack-5.3.0/cli/wavpack.c:3471:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char error [80]; data/wavpack-5.3.0/cli/wavpack.c:3602:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string1 + (i * 2), "%02x", md5_digest_source [i]); data/wavpack-5.3.0/cli/wavpack.c:3603:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string2 + (i * 2), "%02x", md5_digest_result [i]); data/wavpack-5.3.0/cli/wavpack.c:3656:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, "hh"); data/wavpack-5.3.0/cli/wavpack.c:3661:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (settings + strlen (settings), "b%g", config->bitrate); data/wavpack-5.3.0/cli/wavpack.c:3664:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, "cc"); data/wavpack-5.3.0/cli/wavpack.c:3670:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (settings + strlen (settings), "x%d", config->xmode ? config->xmode : 1); data/wavpack-5.3.0/cli/wavpack.c:3676:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, "j1"); data/wavpack-5.3.0/cli/wavpack.c:3678:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, "j0"); data/wavpack-5.3.0/cli/wavpack.c:3682:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (settings + strlen (settings), "s%g", config->shaping_weight); data/wavpack-5.3.0/cli/wavpack.c:3691:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (settings + strlen (settings), " --blocksize=%d", config->block_samples); data/wavpack-5.3.0/cli/wavpack.c:3694:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, " --use-dns"); data/wavpack-5.3.0/cli/wavpack.c:3697:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, " --cross-decorr"); data/wavpack-5.3.0/cli/wavpack.c:3700:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (settings, " --merge-blocks"); data/wavpack-5.3.0/cli/wavpack.c:3703:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, " --pair-unassigned-chans"); data/wavpack-5.3.0/cli/wavpack.c:3706:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (settings, " --allow-huge-tags"); data/wavpack-5.3.0/cli/wavpack.c:4147:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (CP_ACP, 0, string, -1, temp, max_chars + 1); data/wavpack-5.3.0/cli/wavpack.c:4220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title [40]; data/wavpack-5.3.0/cli/wavpack.c:4224:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (title, "%d%% (WavPack)", (int) ((file_progress * 100.0) + 0.5)); data/wavpack-5.3.0/cli/win32_unicode_support.c:57:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). BuffSize = MultiByteToWideChar(CP_UTF8, 0, input, -1, NULL, 0); data/wavpack-5.3.0/cli/win32_unicode_support.c:61:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). 
Result = MultiByteToWideChar(CP_UTF8, 0, input, -1, Buffer, BuffSize); data/wavpack-5.3.0/cli/win32_unicode_support.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_buffer [1024]; data/wavpack-5.3.0/cli/wvgain.c:57:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(f,m) fopen_utf8(f,m) data/wavpack-5.3.0/cli/wvgain.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfname [MAX_PATH]; data/wavpack-5.3.0/cli/wvgain.c:238:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (matches [num_files], ".wv"); data/wavpack-5.3.0/cli/wvgain.c:283:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (infilename+1, "rb"); data/wavpack-5.3.0/cli/wvgain.c:411:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvgain.c:558:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argv_copy, argv_utf8, sizeof (char*) * argc_utf8); data/wavpack-5.3.0/cli/wvgain.c:591:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvgain.c:759:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80], value [20]; data/wavpack-5.3.0/cli/wvgain.c:801:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title [40], artist [40], album [40], year [10], comment [40], track [10]; data/wavpack-5.3.0/cli/wvgain.c:831:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value, "%+.2f dB", track_gain); data/wavpack-5.3.0/cli/wvgain.c:834:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (value, "%.6f", track_peak); data/wavpack-5.3.0/cli/wvgain.c:838:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value, "%+.2f dB", album_gain); data/wavpack-5.3.0/cli/wvgain.c:840:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (value, "%.6f", album_peak); data/wavpack-5.3.0/cli/wvgain.c:863:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80], value [20]; data/wavpack-5.3.0/cli/wvgain.c:1184:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (butter_hist_a, butter_hist_a + 252, sizeof (butter_hist_a [0]) * 4); data/wavpack-5.3.0/cli/wvgain.c:1185:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (butter_hist_b, butter_hist_b + 252, sizeof (butter_hist_b [0]) * 4); data/wavpack-5.3.0/cli/wvgain.c:1242:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (yule_hist_a, yule_hist_a + 236, sizeof (yule_hist_a [0]) * 20); data/wavpack-5.3.0/cli/wvgain.c:1243:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (yule_hist_b, yule_hist_b + 236, sizeof (yule_hist_b [0]) * 20); data/wavpack-5.3.0/cli/wvgain.c:1449:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (CP_ACP, 0, string, -1, temp, max_chars + 1); data/wavpack-5.3.0/cli/wvgain.c:1466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title [40]; data/wavpack-5.3.0/cli/wvgain.c:1470:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (title, "%d%% (WvGain)", (int) ((file_progress * 100.0) + 0.5)); data/wavpack-5.3.0/cli/wvtag.c:55:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(f,m) fopen_utf8(f,m) data/wavpack-5.3.0/cli/wvtag.c:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfname [MAX_PATH]; data/wavpack-5.3.0/cli/wvtag.c:339:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tag_items [i].item, *argv, cp - *argv); data/wavpack-5.3.0/cli/wvtag.c:376:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (matches [num_files], ".wv"); data/wavpack-5.3.0/cli/wvtag.c:537:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (infilename+1, "rb"); data/wavpack-5.3.0/cli/wvtag.c:708:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argv_copy, argv_utf8, sizeof (char*) * argc_utf8); data/wavpack-5.3.0/cli/wvtag.c:741:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvtag.c:779:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title [40], artist [40], album [40], year [10], comment [40], track [10]; data/wavpack-5.3.0/cli/wvtag.c:813:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvtag.c:926:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_filename [256]; data/wavpack-5.3.0/cli/wvtag.c:991:46: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!overwrite_all && (outfile = fopen (full_filename, "r")) != NULL) { data/wavpack-5.3.0/cli/wvtag.c:1010:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outfile = fopen (full_filename, "w")) == NULL) { data/wavpack-5.3.0/cli/wvtag.c:1108:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *item, fname [256]; data/wavpack-5.3.0/cli/wvtag.c:1124:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_result [16]; data/wavpack-5.3.0/cli/wvtag.c:1139:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string + (j * 2), "%02x", md5_result [j]); data/wavpack-5.3.0/cli/wvtag.c:1507:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). 
MultiByteToWideChar (CP_ACP, 0, string, -1, temp, max_chars + 1); data/wavpack-5.3.0/cli/wvtag.c:1586:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen (filename, mode); data/wavpack-5.3.0/cli/wvtag.c:1616:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). res = fopen (matchname, mode); data/wavpack-5.3.0/cli/wvtag.c:1654:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). res = fopen (matchname, mode); data/wavpack-5.3.0/cli/wvtest.c:121:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_decoded [16]; data/wavpack-5.3.0/cli/wvtest.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvtest.c:299:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_initial [16], md5_stored [16]; data/wavpack-5.3.0/cli/wvtest.c:391:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string1 + (i * 2), "%02x", md5_stored [i]); data/wavpack-5.3.0/cli/wvtest.c:392:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string2 + (i * 2), "%02x", md5_initial [i]); data/wavpack-5.3.0/cli/wvtest.c:406:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_subsequent [16]; data/wavpack-5.3.0/cli/wvtest.c:455:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_chunk [16]; data/wavpack-5.3.0/cli/wvtest.c:686:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_encoded [16]; data/wavpack-5.3.0/cli/wvtest.c:696:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (mode_string, "hh"); data/wavpack-5.3.0/cli/wvtest.c:777:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (filename, "testfile-%04d.wv", test_number); data/wavpack-5.3.0/cli/wvtest.c:779:40: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((wv_stream.file = fopen (filename, "w+b")) == NULL)) { data/wavpack-5.3.0/cli/wvtest.c:803:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((wvc_stream.file = fopen (filename_c, "w+b")) == NULL) { data/wavpack-5.3.0/cli/wvtest.c:830:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (mode_string + strlen (mode_string), "x%c", '0' + (test_flags & TEST_FLAG_EXTRA_MASK)); data/wavpack-5.3.0/cli/wvtest.c:843:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (mode_string, "b4c"); data/wavpack-5.3.0/cli/wvtest.c:847:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (mode_string, "b3c"); data/wavpack-5.3.0/cli/wvtest.c:852:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (mode_string, "b5"); data/wavpack-5.3.0/cli/wvtest.c:970:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string1 + (i * 2), "%02x", md5_encoded [i]); data/wavpack-5.3.0/cli/wvtest.c:971:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string2 + (i * 2), "%02x", wv_decoder.md5_decoded [i]); data/wavpack-5.3.0/cli/wvtest.c:1002:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvtest.c:1094:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void *) ws->buffer_head, data_ptr, bytes_to_copy); data/wavpack-5.3.0/cli/wvtest.c:1135:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (data_ptr, (void *) ws->buffer_tail, bytes_to_copy); data/wavpack-5.3.0/cli/wvunpack.c:57:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(f,m) fopen_utf8(f,m) data/wavpack-5.3.0/cli/wvunpack.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfname [MAX_PATH]; data/wavpack-5.3.0/cli/wvunpack.c:501:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (matches [num_files], ".wv"); data/wavpack-5.3.0/cli/wvunpack.c:526:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (matches [num_files], ".wv"); data/wavpack-5.3.0/cli/wvunpack.c:605:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (infilename+1, "rb"); data/wavpack-5.3.0/cli/wvunpack.c:714:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listbuff [PATH_MAX * 2], *lp = listbuff; data/wavpack-5.3.0/cli/wvunpack.c:715:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *list = fopen (outfilename+1, "rb"); data/wavpack-5.3.0/cli/wvunpack.c:862:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argv_copy, argv_utf8, sizeof (char*) * argc_utf8); data/wavpack-5.3.0/cli/wvunpack.c:949:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testfile = fopen (filename, "rb"); data/wavpack-5.3.0/cli/wvunpack.c:982:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (filespec_ext (*tempfilename), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wvunpack.c:984:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filespec_ext (*tempfilename), ".tmp"); data/wavpack-5.3.0/cli/wvunpack.c:990:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (*tempfilename + strlen (*tempfilename), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wvunpack.c:992:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (*tempfilename, ".tmp"); data/wavpack-5.3.0/cli/wvunpack.c:995:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testfile = fopen (*tempfilename, "rb"); data/wavpack-5.3.0/cli/wvunpack.c:1009:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). retval = fopen (*tempfilename ? *tempfilename : filename, "w+b"); data/wavpack-5.3.0/cli/wvunpack.c:1040:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_unpacked [16]; data/wavpack-5.3.0/cli/wvunpack.c:1045:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error [80]; data/wavpack-5.3.0/cli/wvunpack.c:1344:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_original [16]; data/wavpack-5.3.0/cli/wvunpack.c:1350:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string1 + (i * 2), "%02x", md5_original [i]); data/wavpack-5.3.0/cli/wvunpack.c:1359:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string2 + (i * 2), "%02x", md5_unpacked [i]); data/wavpack-5.3.0/cli/wvunpack.c:1485:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *fext, *oper, *cmode, cratio [16] = ""; data/wavpack-5.3.0/cli/wvunpack.c:1502:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cratio, ", %.2f%%", 100.0 - WavpackGetRatio (wpc) * 100.0); data/wavpack-5.3.0/cli/wvunpack.c:1508:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cratio, ", %d kbps", (int) (WavpackGetAverageBitrate (wpc, TRUE) / 1000.0)); data/wavpack-5.3.0/cli/wvunpack.c:1524:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char in2filename [PATH_MAX]; data/wavpack-5.3.0/cli/wvunpack.c:1845:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_filename [256]; data/wavpack-5.3.0/cli/wvunpack.c:1910:46: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!overwrite_all && (outfile = fopen (full_filename, "r")) != NULL) { data/wavpack-5.3.0/cli/wvunpack.c:1932:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outfile = fopen (full_filename, "w")) == NULL) { data/wavpack-5.3.0/cli/wvunpack.c:2171:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, temp, num_chans * sizeof (*data)); data/wavpack-5.3.0/cli/wvunpack.c:2190:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_sum [16]; data/wavpack-5.3.0/cli/wvunpack.c:2191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char modes [80]; data/wavpack-5.3.0/cli/wvunpack.c:2208:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "unassigned speakers"); data/wavpack-5.3.0/cli/wvunpack.c:2210:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "mono"); data/wavpack-5.3.0/cli/wvunpack.c:2212:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "stereo"); data/wavpack-5.3.0/cli/wvunpack.c:2214:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "quad"); data/wavpack-5.3.0/cli/wvunpack.c:2216:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "5.1 surround"); data/wavpack-5.3.0/cli/wvunpack.c:2218:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (modes, "5.1 surround side"); data/wavpack-5.3.0/cli/wvunpack.c:2220:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "7.1 surround"); data/wavpack-5.3.0/cli/wvunpack.c:2222:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (modes, "5.1 + stereo"); data/wavpack-5.3.0/cli/wvunpack.c:2240:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, "..."); data/wavpack-5.3.0/cli/wvunpack.c:2259:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, "hybrid "); data/wavpack-5.3.0/cli/wvunpack.c:2264:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, ", fast"); data/wavpack-5.3.0/cli/wvunpack.c:2266:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (modes, ", very high"); data/wavpack-5.3.0/cli/wvunpack.c:2268:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, ", high"); data/wavpack-5.3.0/cli/wvunpack.c:2271:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, ", extra"); data/wavpack-5.3.0/cli/wvunpack.c:2274:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xmode[3] = "-0"; data/wavpack-5.3.0/cli/wvunpack.c:2282:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, ", sfx"); data/wavpack-5.3.0/cli/wvunpack.c:2285:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (modes, ", dns"); data/wavpack-5.3.0/cli/wvunpack.c:2305:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (md5_string + (i * 2), "%02x", md5_sum [i]); data/wavpack-5.3.0/cli/wvunpack.c:2313:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header_name [5]; data/wavpack-5.3.0/cli/wvunpack.c:2315:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (header_name, "????"); data/wavpack-5.3.0/cli/wvunpack.c:2333:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trailer_name [5]; data/wavpack-5.3.0/cli/wvunpack.c:2335:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (trailer_name, "????"); data/wavpack-5.3.0/cli/wvunpack.c:2396:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *item, fname [256]; data/wavpack-5.3.0/cli/wvunpack.c:2412:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char md5_result [16]; data/wavpack-5.3.0/cli/wvunpack.c:2427:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string + (j * 2), "%02x", md5_result [j]); data/wavpack-5.3.0/cli/wvunpack.c:2466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str [80]; data/wavpack-5.3.0/cli/wvunpack.c:2494:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_sum [16]; data/wavpack-5.3.0/cli/wvunpack.c:2498:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "%d", WavpackGetNativeSampleRate (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2502:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "%d", (WavpackGetQualifyMode (wpc) & QMODE_DSD_AUDIO) ? 1 : WavpackGetBitsPerSample (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2510:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "%d", WavpackGetNumChannels (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2514:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "0x%x", WavpackGetChannelMask (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2519:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "%lld", data/wavpack-5.3.0/cli/wvunpack.c:2530:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (md5_string + (i * 2), "%02x", md5_sum [i]); data/wavpack-5.3.0/cli/wvunpack.c:2538:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "%d", WavpackGetVersion (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2542:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (str + strlen (str), "0x%x", WavpackGetMode (wpc)); data/wavpack-5.3.0/cli/wvunpack.c:2793:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar (CP_ACP, 0, string, -1, temp, max_chars + 1); data/wavpack-5.3.0/cli/wvunpack.c:2867:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title [40]; data/wavpack-5.3.0/cli/wvunpack.c:2871:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (title, "%d%% (WvUnpack)", (int) ((file_progress * 100.0) + 0.5)); data/wavpack-5.3.0/include/wavpack.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/include/wavpack.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formType [4]; data/wavpack-5.3.0/include/wavpack.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/include/wavpack.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char GUID [14]; data/wavpack-5.3.0/include/wavpack.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/include/wavpack.h:196:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_checksum [16], md5_read; data/wavpack-5.3.0/include/wavpack.h:363:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int WavpackGetMD5Sum (WavpackContext *wpc, unsigned char data [16]); data/wavpack-5.3.0/include/wavpack.h:400:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int WavpackStoreMD5Sum (WavpackContext *wpc, unsigned char data [16]); data/wavpack-5.3.0/src/common_utils.c:306:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (reorder, wpc->channel_reordering, wpc->channel_layout & 0xff); data/wavpack-5.3.0/src/extra1.c:126:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_A, dpp->samples_A, sizeof (dpp->samples_A)); data/wavpack-5.3.0/src/extra1.c:198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dppi->samples_A, dp.samples_A, sizeof (dp.samples_A)); data/wavpack-5.3.0/src/extra1.c:262:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * (depth + 1)); data/wavpack-5.3.0/src/extra1.c:263:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [depth + 1], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:328:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra1.c:329:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:352:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra1.c:353:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:369:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->dps, wps->decorr_passes, sizeof (wps->decorr_passes)); data/wavpack-5.3.0/src/extra1.c:397:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra1.c:398:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:437:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:444:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info.sampleptrs [info.nterms + 1], info.sampleptrs [i], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:466:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, info.sampleptrs [info.nterms + 1], wps->wphdr.block_samples * 4); data/wavpack-5.3.0/src/extra1.c:580:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (noisy_buffer, samples, buf_size); data/wavpack-5.3.0/src/extra1.c:610:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_buffer [0], noisy_buffer ? noisy_buffer : samples, buf_size); data/wavpack-5.3.0/src/extra1.c:630:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (save_decorr_passes + j, &temp_decorr_pass, sizeof (struct decorr_pass)); data/wavpack-5.3.0/src/extra1.c:645:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (best_buffer, temp_buffer [j&1], buf_size); data/wavpack-5.3.0/src/extra1.c:646:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, save_decorr_passes, sizeof (struct decorr_pass) * MAX_NTERMS); data/wavpack-5.3.0/src/extra1.c:661:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, noisy_buffer, buf_size); data/wavpack-5.3.0/src/extra1.c:667:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, best_buffer, buf_size); data/wavpack-5.3.0/src/extra1.c:681:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string [256], substring [20]; data/wavpack-5.3.0/src/extra1.c:684:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (string, "M: terms ="); data/wavpack-5.3.0/src/extra1.c:689:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (substring, " %d", wps->decorr_passes [i].term); data/wavpack-5.3.0/src/extra1.c:691:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (substring, " %d->%d", wps->decorr_passes [i].term, data/wavpack-5.3.0/src/extra1.c:695:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (substring, " *"); data/wavpack-5.3.0/src/extra2.c:189:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_A, dpp->samples_A, sizeof (dpp->samples_A)); data/wavpack-5.3.0/src/extra2.c:190:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_B, dpp->samples_B, sizeof (dpp->samples_B)); data/wavpack-5.3.0/src/extra2.c:353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dppi->samples_A, dp.samples_A, sizeof (dp.samples_A)); data/wavpack-5.3.0/src/extra2.c:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dppi->samples_B, dp.samples_B, sizeof (dp.samples_B)); data/wavpack-5.3.0/src/extra2.c:425:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * (depth + 1)); data/wavpack-5.3.0/src/extra2.c:426:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [depth + 1], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:492:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra2.c:493:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:516:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra2.c:517:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:533:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info->dps, wps->decorr_passes, sizeof (wps->decorr_passes)); data/wavpack-5.3.0/src/extra2.c:561:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, info->dps, sizeof (info->dps [0]) * i); data/wavpack-5.3.0/src/extra2.c:562:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (info->sampleptrs [info->nterms + 1], info->sampleptrs [i], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:601:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:608:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (info.sampleptrs [info.nterms + 1], info.sampleptrs [i], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:630:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, info.sampleptrs [info.nterms + 1], wps->wphdr.block_samples * 8); data/wavpack-5.3.0/src/extra2.c:770:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (noisy_buffer, samples, buf_size); data/wavpack-5.3.0/src/extra2.c:805:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (js_buffer, noisy_buffer ? noisy_buffer : samples, buf_size); data/wavpack-5.3.0/src/extra2.c:813:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_buffer [0], js_buffer, buf_size); data/wavpack-5.3.0/src/extra2.c:816:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_buffer [0], noisy_buffer ? 
noisy_buffer : samples, buf_size); data/wavpack-5.3.0/src/extra2.c:838:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (save_decorr_passes + j, &temp_decorr_pass, sizeof (struct decorr_pass)); data/wavpack-5.3.0/src/extra2.c:853:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (best_buffer, temp_buffer [j&1], buf_size); data/wavpack-5.3.0/src/extra2.c:854:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->decorr_passes, save_decorr_passes, sizeof (struct decorr_pass) * MAX_NTERMS); data/wavpack-5.3.0/src/extra2.c:874:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, js_buffer, buf_size); data/wavpack-5.3.0/src/extra2.c:880:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, noisy_buffer, buf_size); data/wavpack-5.3.0/src/extra2.c:886:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (samples, best_buffer, buf_size); data/wavpack-5.3.0/src/extra2.c:905:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string [256], substring [20]; data/wavpack-5.3.0/src/extra2.c:914:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (substring, " %d", wps->decorr_passes [i].term); data/wavpack-5.3.0/src/extra2.c:916:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (substring, " %d->%d", wps->decorr_passes [i].term, data/wavpack-5.3.0/src/extra2.c:920:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (substring, " *"); data/wavpack-5.3.0/src/open_filename.c:228:55: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *(*fopen_func)(const char *, const char *) = fopen; data/wavpack-5.3.0/src/open_filename.c:274:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). BuffSize = MultiByteToWideChar(CP_UTF8, 0, input, -1, NULL, 0); data/wavpack-5.3.0/src/open_filename.c:278:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). Result = MultiByteToWideChar(CP_UTF8, 0, input, -1, Buffer, BuffSize); data/wavpack-5.3.0/src/open_raw.c:50:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (outptr, segptr->dptr, bytes_to_copy); data/wavpack-5.3.0/src/open_raw.c:196:28: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
if (error) strcpy (error, "main block overran available data!"); data/wavpack-5.3.0/src/open_raw.c:204:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wphdr->ckID, "wvpk", 4); data/wavpack-5.3.0/src/open_raw.c:243:32: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "correction block overran available data!"); data/wavpack-5.3.0/src/open_raw.c:251:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wphdr->ckID, "wvpk", 4); data/wavpack-5.3.0/src/open_raw.c:275:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "leftover multiblock data!"); data/wavpack-5.3.0/src/open_utils.c:43:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't allocate memory"); data/wavpack-5.3.0/src/open_utils.c:64:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
if (error) strcpy (error, "can't edit tags located at the beginning of files!"); data/wavpack-5.3.0/src/open_utils.c:71:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't read all of WavPack file!"); data/wavpack-5.3.0/src/open_utils.c:81:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "this legacy WavPack file is deprecated, use version 4.80.0 to transcode"); data/wavpack-5.3.0/src/open_utils.c:88:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't allocate memory"); data/wavpack-5.3.0/src/open_utils.c:94:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't allocate memory"); data/wavpack-5.3.0/src/open_utils.c:106:28: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
if (error) strcpy (error, "not compatible with this version of WavPack file!"); data/wavpack-5.3.0/src/open_utils.c:113:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't allocate memory"); data/wavpack-5.3.0/src/open_utils.c:116:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->blockbuff, &wps->wphdr, 32); data/wavpack-5.3.0/src/open_utils.c:119:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "can't read all of WavPack file!"); data/wavpack-5.3.0/src/open_utils.c:169:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "not compatible with this version of correction file!"); data/wavpack-5.3.0/src/open_utils.c:213:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (error) strcpy (error, "not configured to handle DSD WavPack files!"); data/wavpack-5.3.0/src/open_utils.c:217:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. if (error) strcpy (error, "not configured to handle DSD WavPack files!"); data/wavpack-5.3.0/src/open_utils.c:340:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "can't unpack correction files alone!"); data/wavpack-5.3.0/src/open_utils.c:522:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wpc->channel_identities, wpmd->data, wpmd->byte_length); data/wavpack-5.3.0/src/open_utils.c:663:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wpc->wrapper_data + wpc->wrapper_bytes, wpmd->data, wpmd->byte_length); data/wavpack-5.3.0/src/open_utils.c:773:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "not configured to handle DSD WavPack files!"); data/wavpack-5.3.0/src/open_utils.c:790:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wpc->config.md5_checksum, wpmd->data, 16); data/wavpack-5.3.0/src/open_utils.c:799:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (wpc->file_extension, wpmd->data, wpmd->byte_length); data/wavpack-5.3.0/src/open_utils.c:879:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int WavpackGetMD5Sum (WavpackContext *wpc, unsigned char data [16]) data/wavpack-5.3.0/src/open_utils.c:886:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, wpc->config.md5_checksum, 16); data/wavpack-5.3.0/src/open_utils.c:902:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer [sizeof (*wphdr)], *sp = buffer + sizeof (*wphdr), *ep = sp; data/wavpack-5.3.0/src/open_utils.c:922:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wphdr, buffer, sizeof (*wphdr)); data/wavpack-5.3.0/src/open_utils.c:999:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&orig_wphdr, &wphdr, 32); // save original header for verify step data/wavpack-5.3.0/src/open_utils.c:1025:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->block2buff, &orig_wphdr, 32); data/wavpack-5.3.0/src/open_utils.c:1037:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (wps->block2buff, &wphdr, 32); data/wavpack-5.3.0/src/open_utils.c:1038:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&wps->wphdr, &wphdr, 32); data/wavpack-5.3.0/src/pack.c:412:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (byteptr, wpc->channel_reordering, num_to_send); data/wavpack-5.3.0/src/pack.c:573:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (orig_data, buffer, sizeof (f32) * ((flags & MONO_DATA) ? sample_count : sample_count * 2)); data/wavpack-5.3.0/src/pack.c:1036:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->blockbuff, &wps->wphdr, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack.c:1055:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&wps->wphdr, wps->blockbuff, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack.c:1062:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (saved_buffer, buffer, sample_count * sizeof (int32_t) * (flags & MONO_DATA ? 1 : 2)); data/wavpack-5.3.0/src/pack.c:1117:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (wps->block2buff, &wps->wphdr, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack.c:1379:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_A, dpp->samples_A, sizeof (dpp->samples_A)); data/wavpack-5.3.0/src/pack.c:1380:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp_B, dpp->samples_B, sizeof (dpp->samples_B)); data/wavpack-5.3.0/src/pack.c:1438:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->blockbuff, &wps->wphdr, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack.c:1441:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, saved_buffer, sample_count * sizeof (int32_t) * (flags & MONO_DATA ? 1 : 2)); data/wavpack-5.3.0/src/pack_dsd.c:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->blockbuff, &wps->wphdr, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack_dsd.c:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&wps->wphdr, wps->blockbuff, sizeof (WavpackHeader)); data/wavpack-5.3.0/src/pack_dsd.c:207:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static void calculate_probabilities (int hist [256], unsigned char probs [256], unsigned short prob_sums [256]) data/wavpack-5.3.0/src/pack_dsd.c:287:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char (*probabilities) [256]; data/wavpack-5.3.0/src/pack_dsd.c:386:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dp, probabilities, sizeof (*probabilities) * history_bins); data/wavpack-5.3.0/src/pack_utils.c:199:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "sample rate cannot be zero!"); data/wavpack-5.3.0/src/pack_utils.c:204:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "channel count cannot be zero!"); data/wavpack-5.3.0/src/pack_utils.c:228:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "hybrid mode not available for DSD!"); data/wavpack-5.3.0/src/pack_utils.c:236:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (wpc->error_message, "libwavpack not configured for DSD!"); data/wavpack-5.3.0/src/pack_utils.c:267:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "incorrect bits/bytes configuration for float data!"); data/wavpack-5.3.0/src/pack_utils.c:277:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "invalid bytes per sample!"); data/wavpack-5.3.0/src/pack_utils.c:282:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "invalid bits per sample!"); data/wavpack-5.3.0/src/pack_utils.c:330:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "chan_ids longer than num channels!"); data/wavpack-5.3.0/src/pack_utils.c:419:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wps->wphdr.ckID, "wvpk", 4); data/wavpack-5.3.0/src/pack_utils.c:442:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (wpc->error_message, "too many channels!"); data/wavpack-5.3.0/src/pack_utils.c:597:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char riff_header [128]; data/wavpack-5.3.0/src/pack_utils.c:778:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int WavpackStoreMD5Sum (WavpackContext *wpc, unsigned char data [16]) data/wavpack-5.3.0/src/pack_utils.c:786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/src/pack_utils.c:796:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckID [4]; data/wavpack-5.3.0/src/pack_utils.c:798:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk [28]; data/wavpack-5.3.0/src/pack_utils.c:827:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "can't create valid RIFF wav header for non-normalized floating data!"); data/wavpack-5.3.0/src/pack_utils.c:906:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &riffhdr, sizeof (riffhdr)) + sizeof (riffhdr); data/wavpack-5.3.0/src/pack_utils.c:909:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &ds64hdr, sizeof (ds64hdr)) + sizeof (ds64hdr); data/wavpack-5.3.0/src/pack_utils.c:910:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &ds64_chunk, sizeof (ds64_chunk)) + sizeof (ds64_chunk); data/wavpack-5.3.0/src/pack_utils.c:914:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &junkchunk, sizeof (junkchunk)) + sizeof (junkchunk); data/wavpack-5.3.0/src/pack_utils.c:916:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &fmthdr, sizeof (fmthdr)) + sizeof (fmthdr); data/wavpack-5.3.0/src/pack_utils.c:917:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
outptr = (char *) memcpy (outptr, &wavhdr, wavhdrsize) + wavhdrsize; data/wavpack-5.3.0/src/pack_utils.c:918:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. outptr = (char *) memcpy (outptr, &datahdr, sizeof (datahdr)) + sizeof (datahdr); data/wavpack-5.3.0/src/pack_utils.c:993:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "output buffer overflowed!"); data/wavpack-5.3.0/src/pack_utils.c:1002:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "can't write WavPack data, disk probably full!"); data/wavpack-5.3.0/src/pack_utils.c:1014:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "can't write WavPack data, disk probably full!"); data/wavpack-5.3.0/src/pack_utils.c:1054:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char riff_header [128]; data/wavpack-5.3.0/src/pack_utils.c:1057:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (WavpackGetWrapperLocation (first_block, NULL), riff_header, wrapper_size); data/wavpack-5.3.0/src/pack_utils.c:1166:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer_start + (wpmd->byte_length > 510 ? 4 : 2), wpmd->data, wpmd->byte_length); data/wavpack-5.3.0/src/pack_utils.c:1192:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) mdp->data + mdp->byte_length, src, bc); data/wavpack-5.3.0/src/pack_utils.c:1238:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (outdata, wpmd->data, wpmd->byte_length); data/wavpack-5.3.0/src/pack_utils.c:1267:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (wphdr->ckID, "wvpk", 4); data/wavpack-5.3.0/src/pack_utils.c:1292:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (wpc->error_message, "can't write WavPack data, disk probably full!"); data/wavpack-5.3.0/src/tag_utils.c:257:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (value, p + isize + 1, vsize); data/wavpack-5.3.0/src/tag_utils.c:264:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy (value, p + isize + 1, vsize);
data/wavpack-5.3.0/src/tag_utils.c:269:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (value, p + isize + 1, size - 1);
data/wavpack-5.3.0/src/tag_utils.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lvalue [64];
data/wavpack-5.3.0/src/tag_utils.c:302:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (lvalue, "%d", m_tag->id3_tag.comment [29]);
data/wavpack-5.3.0/src/tag_utils.c:347:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (item, p, isize);
data/wavpack-5.3.0/src/tag_utils.c:352:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (item, p, size - 1);
data/wavpack-5.3.0/src/tag_utils.c:369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lvalue [16];
data/wavpack-5.3.0/src/tag_utils.c:375:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Title");
data/wavpack-5.3.0/src/tag_utils.c:377:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Artist");
data/wavpack-5.3.0/src/tag_utils.c:379:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Album");
data/wavpack-5.3.0/src/tag_utils.c:381:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Year");
data/wavpack-5.3.0/src/tag_utils.c:383:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Comment");
data/wavpack-5.3.0/src/tag_utils.c:385:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (lvalue, "Track");
data/wavpack-5.3.0/src/tag_utils.c:426:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "APEv2 tag exceeds maximum allowed length!");
data/wavpack-5.3.0/src/tag_utils.c:447:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p, value, vsize);
data/wavpack-5.3.0/src/tag_utils.c:483:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't write WavPack data, disk probably full!");
data/wavpack-5.3.0/src/tag_utils.c:499:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't edit tags located at the beginning of files!");
data/wavpack-5.3.0/src/tag_utils.c:504:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't edit tags on pipes or unseekable files!");
data/wavpack-5.3.0/src/tag_utils.c:509:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't edit tags without OPEN_EDIT_TAGS flag!");
data/wavpack-5.3.0/src/tag_utils.c:526:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zero [1] = { 0 };
data/wavpack-5.3.0/src/tag_utils.c:551:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't write WavPack data, disk probably full!");
data/wavpack-5.3.0/src/unpack.c:474:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (temp_A, dpp->samples_A, sizeof (dpp->samples_A));
data/wavpack-5.3.0/src/unpack.c:475:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (temp_B, dpp->samples_B, sizeof (dpp->samples_B));
data/wavpack-5.3.0/src/unpack.c:556:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (temp_samples, dpp->samples_A, sizeof (dpp->samples_A));
data/wavpack-5.3.0/src/unpack3.c:1182:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wpc->wrapper_data + wpc->wrapper_bytes, bs_unused_data (&wps->wvbits), bs_unused_bytes (&wps->wvbits));
data/wavpack-5.3.0/src/unpack3.c:1193:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wpc->wrapper_data + wpc->wrapper_bytes, temp, bcount);
data/wavpack-5.3.0/src/unpack3.c:1217:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->dc.sample, sample, sizeof (sample));
data/wavpack-5.3.0/src/unpack3.c:1218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->dc.weight, weight, sizeof (weight));
data/wavpack-5.3.0/src/unpack3.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ckID [4];
data/wavpack-5.3.0/src/unpack3.h:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extension [4], extra_bc, extras [3];
data/wavpack-5.3.0/src/unpack3.h:116:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define SAVE(destin, item) { memcpy (destin, &item, sizeof (item)); destin = (char *) destin + sizeof (item); }
data/wavpack-5.3.0/src/unpack3_open.c:49:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:57:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wpc->wrapper_data, &RiffChunkHeader, sizeof (RiffChunkHeader));
data/wavpack-5.3.0/src/unpack3_open.c:69:32: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:75:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wpc->wrapper_data + wpc->wrapper_bytes, &ChunkHeader, sizeof (ChunkHeader));
data/wavpack-5.3.0/src/unpack3_open.c:85:40: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:90:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wpc->wrapper_data + wpc->wrapper_bytes, &wavhdr, sizeof (wavhdr));
data/wavpack-5.3.0/src/unpack3_open.c:100:40: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:122:36: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:141:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:149:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:157:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:162:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:167:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:176:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:193:32: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (error) strcpy (error, "not a valid WavPack file!");
data/wavpack-5.3.0/src/unpack3_open.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&wps->wphdr, &wphdr, sizeof (wphdr));
data/wavpack-5.3.0/src/unpack_dsd.c:152:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wps->dsd.probabilities = (unsigned char (*)[256])malloc (sizeof (*wps->dsd.probabilities) * wps->dsd.history_bins);
data/wavpack-5.3.0/src/unpack_dsd.c:179:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->dsd.probabilities, wps->dsd.byteptr, sizeof (*wps->dsd.probabilities) * wps->dsd.history_bins);
data/wavpack-5.3.0/src/unpack_dsd.c:495:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char delay [HISTORY_BYTES];
data/wavpack-5.3.0/src/unpack_seek.c:95:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, sizeof (WavpackHeader));
data/wavpack-5.3.0/src/unpack_seek.c:107:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_seek.c:111:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, sizeof (WavpackHeader));
data/wavpack-5.3.0/src/unpack_seek.c:125:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->block2buff, &wps->wphdr, sizeof (WavpackHeader));
data/wavpack-5.3.0/src/unpack_seek.c:137:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->block2buff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_seek.c:141:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->block2buff, &wps->wphdr, sizeof (WavpackHeader));
data/wavpack-5.3.0/src/unpack_seek.c:171:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_seek.c:183:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_seek.c:301:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wphdr, sp - 4, sizeof (*wphdr));
data/wavpack-5.3.0/src/unpack_utils.c:81:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:85:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't read all of last block!");
data/wavpack-5.3.0/src/unpack_utils.c:95:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:105:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:145:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "discontinuity found, aborting file!");
data/wavpack-5.3.0/src/unpack_utils.c:225:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:239:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:249:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (wps->blockbuff, &wps->wphdr, 32);
data/wavpack-5.3.0/src/unpack_utils.c:361:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (wpc->error_message, "can't read all of last block!");
data/wavpack-5.3.0/src/wavpack_local.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag_id [3], title [30], artist [30], album [30];
data/wavpack-5.3.0/src/wavpack_local.h:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char year [4], comment [30], genre;
data/wavpack-5.3.0/src/wavpack_local.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ID [8];
data/wavpack-5.3.0/src/wavpack_local.h:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res [8];
data/wavpack-5.3.0/src/wavpack_local.h:206:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char joint_stereo, delta, terms [MAX_NTERMS+1];
data/wavpack-5.3.0/src/wavpack_local.h:255:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *byteptr, *endptr, (*probabilities) [256], *lookup_buffer, **value_lookup, mode, ready;
data/wavpack-5.3.0/src/wavpack_local.h:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_extension [8];
data/wavpack-5.3.0/src/wavpack_local.h:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_message [80];
data/wavpack-5.3.0/src/wavpack_local.h:545:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char nbits_table [256];
data/wavpack-5.3.0/src/wavpack_local.h:603:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int WavpackGetMD5Sum (WavpackContext *wpc, unsigned char data [16]);
data/wavpack-5.3.0/src/wavpack_local.h:619:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int WavpackStoreMD5Sum (WavpackContext *wpc, unsigned char data [16]);
data/wavpack-5.3.0/cli/dsdiff_write.c:87:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmpr_name_size = (strlen (cmpr_name) + 1) & ~1;
data/wavpack-5.3.0/cli/import_id3.c:236:120: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wpc && !WavpackAppendTagItem (wpc, (char *) utf8_strings [0], (char *) utf8_strings [1], (int) strlen ((char *) utf8_strings [1]))) {
data/wavpack-5.3.0/cli/import_id3.c:242:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen ((char *) utf8_strings [1]) + 1);
data/wavpack-5.3.0/cli/import_id3.c:242:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen ((char *) utf8_strings [1]) + 1);
data/wavpack-5.3.0/cli/import_id3.c:247:130: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wpc && !WavpackAppendTagItem (wpc, text_tag_table [i].ape_item, (char *) utf8_strings [0], (int) strlen ((char *) utf8_strings [0]))) {
data/wavpack-5.3.0/cli/import_id3.c:253:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen (text_tag_table [i].ape_item) + 1);
data/wavpack-5.3.0/cli/import_id3.c:253:104: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes_used) *bytes_used += (int) (strlen ((char *) utf8_strings [0]) + strlen (text_tag_table [i].ape_item) + 1);
data/wavpack-5.3.0/cli/import_id3.c:320:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int binary_tag_size = (int) strlen (item) + (int) strlen (extension) + 1 + frame_bytes;
data/wavpack-5.3.0/cli/import_id3.c:320:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int binary_tag_size = (int) strlen (item) + (int) strlen (extension) + 1 + frame_bytes;
data/wavpack-5.3.0/cli/import_id3.c:333:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes_used) *bytes_used += (int) strlen (item) + 1 + binary_tag_size;
data/wavpack-5.3.0/cli/import_id3.c:431:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int max_chars = (int) strlen (string);
data/wavpack-5.3.0/cli/import_id3.c:455:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  insize = strlen (string);
data/wavpack-5.3.0/cli/utils.c:120:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:128:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp+1) && strlen (cp+1) <= 4)
data/wavpack-5.3.0/cli/utils.c:128:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp+1) && strlen (cp+1) <= 4)
data/wavpack-5.3.0/cli/utils.c:142:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:150:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp+1) && strlen (cp+1) <= 4)
data/wavpack-5.3.0/cli/utils.c:150:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp+1) && strlen (cp+1) <= 4)
data/wavpack-5.3.0/cli/utils.c:175:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:186:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  return strcat (filespec, "/");
data/wavpack-5.3.0/cli/utils.c:208:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:222:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  return strcat (filespec, "\\");
data/wavpack-5.3.0/cli/utils.c:233:20: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  return strcat (filespec, "\\");
data/wavpack-5.3.0/cli/utils.c:264:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:272:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp + 1))
data/wavpack-5.3.0/cli/utils.c:282:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *cp = filespec + strlen (filespec);
data/wavpack-5.3.0/cli/utils.c:288:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cp + 1))
data/wavpack-5.3.0/cli/utils.c:315:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  key = fgetc(stdin);
data/wavpack-5.3.0/cli/utils.h:59:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define FN_FIT(fn) ((strlen (fn) > 30) ? filespec_name (fn) : fn)
data/wavpack-5.3.0/cli/wavpack.c:760:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag_arg = malloc (strlen (settings) + 16);
data/wavpack-5.3.0/cli/wavpack.c:774:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag_items [i].vsize = (int) strlen (cp + 1);
data/wavpack-5.3.0/cli/wavpack.c:790:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matches [num_files] = malloc (strlen (*argv) + 10);
data/wavpack-5.3.0/cli/wavpack.c:800:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfilename = malloc (strlen (*argv) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:804:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out2filename = malloc (strlen (*argv) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:813:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfilename = malloc (strlen (*argv) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:819:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matches [num_files] = malloc (strlen (*argv) + 10);
data/wavpack-5.3.0/cli/wavpack.c:916:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *temp = malloc (strlen (matches [0]) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:925:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *temp = malloc (strlen (outfilename) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:973:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int isize = (int) strlen (tag_items [i].item);
data/wavpack-5.3.0/cli/wavpack.c:974:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int esize = tag_items [i].ext ? (int) strlen (tag_items [i].ext) : 0;
data/wavpack-5.3.0/cli/wavpack.c:1003:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag_items [i].vsize = (int) strlen (tag_items [i].value);
data/wavpack-5.3.0/cli/wavpack.c:1119:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10);
data/wavpack-5.3.0/cli/wavpack.c:1119:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10);
data/wavpack-5.3.0/cli/wavpack.c:1236:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfilename = malloc (strlen (matches [file_index]) + 10);
data/wavpack-5.3.0/cli/wavpack.c:1250:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out2filename = malloc (strlen (outfilename) + 10);
data/wavpack-5.3.0/cli/wavpack.c:1254:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *temp = malloc (strlen (outfilename) + PATH_MAX);
data/wavpack-5.3.0/cli/wavpack.c:1441:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matchname = malloc (strlen (filename) + strlen(name_utf8));
data/wavpack-5.3.0/cli/wavpack.c:1441:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matchname = malloc (strlen (filename) + strlen(name_utf8));
data/wavpack-5.3.0/cli/wavpack.c:1483:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matchname = malloc (strlen (globbuf.gl_pathv [i]) + 10);
data/wavpack-5.3.0/cli/wavpack.c:1665:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfilename_temp = malloc (strlen (outfilename) + 16);
data/wavpack-5.3.0/cli/wavpack.c:1668:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out2filename_temp = malloc (strlen (outfilename) + 16);
data/wavpack-5.3.0/cli/wavpack.c:1683:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (outfilename_temp + strlen (outfilename_temp), ".tmp%d", count-1);
data/wavpack-5.3.0/cli/wavpack.c:1701:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (out2filename_temp, "c");
data/wavpack-5.3.0/cli/wavpack.c:2721:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outfilename_temp = malloc (strlen (outfilename) + 16);
data/wavpack-5.3.0/cli/wavpack.c:2724:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out2filename_temp = malloc (strlen (outfilename) + 16);
data/wavpack-5.3.0/cli/wavpack.c:2739:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (outfilename_temp + strlen (outfilename_temp), ".tmp%d", count-1);
data/wavpack-5.3.0/cli/wavpack.c:2753:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (out2filename_temp, "c");
data/wavpack-5.3.0/cli/wavpack.c:2989:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value_len = (int) strlen (value);
data/wavpack-5.3.0/cli/wavpack.c:2994:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value_len = (int) strlen (value);
data/wavpack-5.3.0/cli/wavpack.c:3095:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (in2filename, "c");
data/wavpack-5.3.0/cli/wavpack.c:3649:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant character. strcpy (settings, "-"); data/wavpack-5.3.0/cli/wavpack.c:3654:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (settings, "f"); data/wavpack-5.3.0/cli/wavpack.c:3658:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (settings, "h"); data/wavpack-5.3.0/cli/wavpack.c:3661:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (settings + strlen (settings), "b%g", config->bitrate); data/wavpack-5.3.0/cli/wavpack.c:3666:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (settings, "c"); data/wavpack-5.3.0/cli/wavpack.c:3670:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (settings + strlen (settings), "x%d", config->xmode ? config->xmode : 1); data/wavpack-5.3.0/cli/wavpack.c:3682:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf (settings + strlen (settings), "s%g", config->shaping_weight); data/wavpack-5.3.0/cli/wavpack.c:3687:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (settings + strlen (settings), " --pre-quantize%s=%d", data/wavpack-5.3.0/cli/wavpack.c:3691:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (settings + strlen (settings), " --blocksize=%d", config->block_samples); data/wavpack-5.3.0/cli/wavpack.c:4144:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_chars = (int) strlen (string); data/wavpack-5.3.0/cli/wavpack.c:4187:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). insize = strlen (string); data/wavpack-5.3.0/cli/win32_unicode_support.c:154:21: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (int) wcslen (wide_string); data/wavpack-5.3.0/cli/wvgain.c:233:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [num_files] = malloc (strlen (*argv) + 10); data/wavpack-5.3.0/cli/wvgain.c:369:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvgain.c:369:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvgain.c:811:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Title", title, (int) strlen (title)); data/wavpack-5.3.0/cli/wvgain.c:814:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Artist", artist, (int) strlen (artist)); data/wavpack-5.3.0/cli/wvgain.c:817:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Album", album, (int) strlen (album)); data/wavpack-5.3.0/cli/wvgain.c:820:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Year", year, (int) strlen (year)); data/wavpack-5.3.0/cli/wvgain.c:823:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Comment", comment, (int) strlen (comment)); data/wavpack-5.3.0/cli/wvgain.c:826:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
WavpackAppendTagItem (wpc, "Track", track, (int) strlen (track)); data/wavpack-5.3.0/cli/wvgain.c:832:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "replaygain_track_gain", value, (int) strlen (value)); data/wavpack-5.3.0/cli/wvgain.c:835:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "replaygain_track_peak", value, (int) strlen (value)); data/wavpack-5.3.0/cli/wvgain.c:839:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "replaygain_album_gain", value, (int) strlen (value)); data/wavpack-5.3.0/cli/wvgain.c:841:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "replaygain_album_peak", value, (int) strlen (value)); data/wavpack-5.3.0/cli/wvgain.c:1446:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_chars = (int) strlen (string); data/wavpack-5.3.0/cli/wvtag.c:341:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag_items [i].vsize = (int) strlen (cp + 1); data/wavpack-5.3.0/cli/wvtag.c:371:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
matches [num_files] = malloc (strlen (*argv) + 10); data/wavpack-5.3.0/cli/wvtag.c:432:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *temp = malloc (strlen (matches [0]) + PATH_MAX); data/wavpack-5.3.0/cli/wvtag.c:480:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int isize = (int) strlen (tag_items [i].item); data/wavpack-5.3.0/cli/wvtag.c:481:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int esize = tag_items [i].ext ? (int) strlen (tag_items [i].ext) : 0; data/wavpack-5.3.0/cli/wvtag.c:510:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag_items [i].vsize = (int) strlen (tag_items [i].value); data/wavpack-5.3.0/cli/wvtag.c:623:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvtag.c:623:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvtag.c:789:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
WavpackAppendTagItem (wpc, "Title", title, (int) strlen (title)); data/wavpack-5.3.0/cli/wvtag.c:792:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Artist", artist, (int) strlen (artist)); data/wavpack-5.3.0/cli/wvtag.c:795:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Album", album, (int) strlen (album)); data/wavpack-5.3.0/cli/wvtag.c:798:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Year", year, (int) strlen (year)); data/wavpack-5.3.0/cli/wvtag.c:801:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Comment", comment, (int) strlen (comment)); data/wavpack-5.3.0/cli/wvtag.c:804:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WavpackAppendTagItem (wpc, "Track", track, (int) strlen (track)); data/wavpack-5.3.0/cli/wvtag.c:913:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag_extractions [num_tag_extractions] = malloc (strlen (spec) + 10); data/wavpack-5.3.0/cli/wvtag.c:928:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (output_spec && output_spec > extraction_spec && strlen (output_spec) > 1) data/wavpack-5.3.0/cli/wvtag.c:932:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_length = (int) strlen (outfilename) + (int) strlen (tag_filename) + 10; data/wavpack-5.3.0/cli/wvtag.c:932:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_length = (int) strlen (outfilename) + (int) strlen (tag_filename) + 10; data/wavpack-5.3.0/cli/wvtag.c:936:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_length += (int) strlen (output_spec) + 256; data/wavpack-5.3.0/cli/wvtag.c:953:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen (dst); data/wavpack-5.3.0/cli/wvtag.c:964:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen (dst); data/wavpack-5.3.0/cli/wvtag.c:972:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen (dst); data/wavpack-5.3.0/cli/wvtag.c:1085:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? 
spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1085:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1085:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1114:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1114:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1114:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvtag.c:1219:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sanitized_tag_value) < 256) data/wavpack-5.3.0/cli/wvtag.c:1353:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int max_chars = (int) strlen (string); data/wavpack-5.3.0/cli/wvtag.c:1504:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_chars = (int) strlen (string); data/wavpack-5.3.0/cli/wvtag.c:1547:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). insize = strlen (string); data/wavpack-5.3.0/cli/wvtag.c:1604:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matchname = malloc (strlen (filename) + strlen(name_utf8)); data/wavpack-5.3.0/cli/wvtag.c:1604:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matchname = malloc (strlen (filename) + strlen(name_utf8)); data/wavpack-5.3.0/cli/wvtag.c:1646:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matchname = malloc (strlen (globbuf.gl_pathv [i]) + 10); data/wavpack-5.3.0/cli/wvtest.c:692:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (mode_string, "f"); data/wavpack-5.3.0/cli/wvtest.c:694:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (mode_string, "h"); data/wavpack-5.3.0/cli/wvtest.c:798:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *filename_c = malloc (strlen (filename) + 10); data/wavpack-5.3.0/cli/wvtest.c:801:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (filename_c, "c"); data/wavpack-5.3.0/cli/wvtest.c:830:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (mode_string + strlen (mode_string), "x%c", '0' + (test_flags & TEST_FLAG_EXTRA_MASK)); data/wavpack-5.3.0/cli/wvunpack.c:496:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [num_files] = malloc (strlen (*argv) + 10); data/wavpack-5.3.0/cli/wvunpack.c:506:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outfilename = malloc (strlen (*argv) + PATH_MAX); data/wavpack-5.3.0/cli/wvunpack.c:515:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outfilename = malloc (strlen (*argv) + PATH_MAX); data/wavpack-5.3.0/cli/wvunpack.c:521:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
matches [num_files] = malloc (strlen (*argv) + 10); data/wavpack-5.3.0/cli/wvunpack.c:691:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvunpack.c:691:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matches [++file_index] = malloc (strlen (infilename) + strlen (name_utf8) + 10); data/wavpack-5.3.0/cli/wvunpack.c:784:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outfilename = malloc (strlen (matches [file_index]) + 10); data/wavpack-5.3.0/cli/wvunpack.c:975:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *tempfilename = malloc (strlen (filename) + 16); data/wavpack-5.3.0/cli/wvunpack.c:990:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (*tempfilename + strlen (*tempfilename), ".tmp%d", count-1); data/wavpack-5.3.0/cli/wvunpack.c:1253:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (outfilename, "."); data/wavpack-5.3.0/cli/wvunpack.c:1527:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (in2filename, "c"); data/wavpack-5.3.0/cli/wvunpack.c:1832:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag_extractions [num_tag_extractions] = malloc (strlen (spec) + 10); data/wavpack-5.3.0/cli/wvunpack.c:1847:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (output_spec && output_spec > extraction_spec && strlen (output_spec) > 1) data/wavpack-5.3.0/cli/wvunpack.c:1851:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_length = (int) strlen (outfilename) + (int) strlen (tag_filename) + 10; data/wavpack-5.3.0/cli/wvunpack.c:1851:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_length = (int) strlen (outfilename) + (int) strlen (tag_filename) + 10; data/wavpack-5.3.0/cli/wvunpack.c:1855:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_length += (int) strlen (output_spec) + 256; data/wavpack-5.3.0/cli/wvunpack.c:1872:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dst += strlen (dst); data/wavpack-5.3.0/cli/wvunpack.c:1883:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen (dst); data/wavpack-5.3.0/cli/wvunpack.c:1891:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen (dst); data/wavpack-5.3.0/cli/wvunpack.c:2233:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (modes, ","); data/wavpack-5.3.0/cli/wvunpack.c:2373:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvunpack.c:2373:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvunpack.c:2373:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " "); data/wavpack-5.3.0/cli/wvunpack.c:2402:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? 
spaces + strlen (item) : " ");
data/wavpack-5.3.0/cli/wvunpack.c:2402:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " ");
data/wavpack-5.3.0/cli/wvunpack.c:2402:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf (dst, "%s:%s", item, strlen (item) < strlen (spaces) ? spaces + strlen (item) : " ");
data/wavpack-5.3.0/cli/wvunpack.c:2474:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (str, ";");
data/wavpack-5.3.0/cli/wvunpack.c:2498:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%d", WavpackGetNativeSampleRate (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2502:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%d", (WavpackGetQualifyMode (wpc) & QMODE_DSD_AUDIO) ? 1 : WavpackGetBitsPerSample (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2506:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%s", (WavpackGetMode (wpc) & MODE_FLOAT) ? "float" : "int");
data/wavpack-5.3.0/cli/wvunpack.c:2510:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%d", WavpackGetNumChannels (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2514:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "0x%x", WavpackGetChannelMask (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2519:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%lld",
data/wavpack-5.3.0/cli/wvunpack.c:2532:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%s", md5_string);
data/wavpack-5.3.0/cli/wvunpack.c:2538:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "%d", WavpackGetVersion (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2542:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (str + strlen (str), "0x%x", WavpackGetMode (wpc));
data/wavpack-5.3.0/cli/wvunpack.c:2613:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (sanitized_tag_value) < 256)
data/wavpack-5.3.0/cli/wvunpack.c:2790:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int max_chars = (int) strlen (string);
data/wavpack-5.3.0/cli/wvunpack.c:2809:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int max_chars = (int) strlen (string);
data/wavpack-5.3.0/src/extra1.c:607:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nterms = (int) strlen ((char *) wpds->terms);
data/wavpack-5.3.0/src/extra2.c:797:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nterms = (int) strlen ((char *) wpds->terms);
data/wavpack-5.3.0/src/open_filename.c:251:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *in2filename = malloc (strlen (infilename) + 10);
data/wavpack-5.3.0/src/open_filename.c:254:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (in2filename, "c");
data/wavpack-5.3.0/src/pack.c:347:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wpmd->byte_length = (int) strlen ((char *) wpc->channel_identities);
data/wavpack-5.3.0/src/pack_utils.c:62:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (file_extension && strlen (file_extension) < sizeof (wpc->file_extension)) {
data/wavpack-5.3.0/src/pack_utils.c:63:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  add_to_metadata (wpc, file_extension, (uint32_t) strlen (file_extension), ID_ALT_EXTENSION);
data/wavpack-5.3.0/src/pack_utils.c:329:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen ((char *) chan_ids) > num_chans) { // can't be more than num channels!
data/wavpack-5.3.0/src/tag_utils.c:306:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen (lvalue);
data/wavpack-5.3.0/src/tag_utils.c:316:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (value, lvalue, size - 1);
data/wavpack-5.3.0/src/tag_utils.c:389:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen (lvalue);
data/wavpack-5.3.0/src/tag_utils.c:399:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (item, lvalue, size - 1);
data/wavpack-5.3.0/src/tag_utils.c:411:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int isize = (int) strlen (item);

ANALYSIS SUMMARY:

Hits = 888
Lines analyzed = 34635 in approximately 1.03 seconds (33637 lines/second)
Physical Source Lines of Code (SLOC) = 25135
Hits@level = [0] 224 [1] 178 [2] 575 [3] 9 [4] 126 [5] 0
Hits@level+ = [0+] 1112 [1+] 888 [2+] 710 [3+] 135 [4+] 126 [5+] 0
Hits/KSLOC@level+ = [0+] 44.2411 [1+] 35.3292 [2+] 28.2475 [3+] 5.371 [4+] 5.01293 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.