Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice_render.c
Examining data/wsynth-dssi-0.1.3/src/gtkknob.c
Examining data/wsynth-dssi-0.1.3/src/gtkknob.h
Examining data/wsynth-dssi-0.1.3/src/gui_images.c
Examining data/wsynth-dssi-0.1.3/src/gui_images.h
Examining data/wsynth-dssi-0.1.3/src/wavetable.h
Examining data/wsynth-dssi-0.1.3/src/gui_callbacks.c
Examining data/wsynth-dssi-0.1.3/src/gui_callbacks.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_synth.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_synth.h
Examining data/wsynth-dssi-0.1.3/src/gui_friendly_patches.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_types.h
Examining data/wsynth-dssi-0.1.3/src/xsynth-dssi.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice.h
Examining data/wsynth-dssi-0.1.3/src/gui_data.c
Examining data/wsynth-dssi-0.1.3/src/gui_data.h
Examining data/wsynth-dssi-0.1.3/src/xsynth.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_ports.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_ports.h
Examining data/wsynth-dssi-0.1.3/src/gui_interface.c
Examining data/wsynth-dssi-0.1.3/src/gui_interface.h
Examining data/wsynth-dssi-0.1.3/src/gui_main.c
Examining data/wsynth-dssi-0.1.3/src/gui_main.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_data.c

FINAL RESULTS:

data/wsynth-dssi-0.1.3/src/gui_interface.c:1590:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s - Load Patch Bank", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1632:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s - Save Patch Bank", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1678:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s Notice", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1753:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s Load Position", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1882:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s Save Range", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:2054:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s Edit Save Position", tag);
data/wsynth-dssi-0.1.3/src/gui_interface.c:2176:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tag, instance_tag);
data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:253:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, 256, fmt, args);
data/wsynth-dssi-0.1.3/src/xsynth.h:49:62:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define XDB_MESSAGE(type, fmt...) { if (XSYNTH_DEBUG & type) fprintf(stderr, "wsynth-dssi.so" fmt); }
data/wsynth-dssi-0.1.3/src/xsynth.h:50:62:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define GDB_MESSAGE(type, fmt...) { if (XSYNTH_DEBUG & type) fprintf(stderr, "Wsynth_gtk" fmt); }
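Two observations on the three format-string hits above before the example. First, the XDB_MESSAGE/GDB_MESSAGE macros concatenate a string literal with the caller's fmt, which only compiles when the first token of fmt is itself a string literal; a variable format cannot be passed through those macros, so the CWE-134 risk there is nil as written. Second, the note that "sprintf variations do not always \0-terminate" applies to older non-standard variants such as Microsoft's _snprintf; C99 vsnprintf with a non-zero size always terminates the buffer, but it may silently truncate. The real question for the vsnprintf(buffer, 256, fmt, args) hit is therefore who supplies fmt and whether truncation is noticed. The following is an added example (not wsynth-dssi's code) of a debug-message wrapper of that shape: the compiler is told the format position so callers passing a non-literal or mismatched arguments get a warning, truncation is reported through the return value, and externally supplied text is routed through %s. Function and buffer names are hypothetical, and the scratch buffers and sample messages are constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 256            /* same size as the report's buffer[256] */

/* Scratch buffers used by the usage calls below (constructed for the example). */
char msg_buf[MSG_SIZE];
char small_buf[8];

/* Format into out[size]. fmt must be a literal at every call site: the
 * format attribute makes gcc/clang type-check the arguments and warn on a
 * non-literal format. Returns 1 if the whole message fit, 0 if vsnprintf
 * truncated it (out is NUL-terminated either way when size > 0). */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
int log_message(char *out, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(out, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                /* encoding error: leave a valid empty string */
        out[0] = '\0';
        return 0;
    }
    return (size_t)n < size;    /* n >= size means the message was cut short */
}

/* Text that arrived from outside the plugin (a patch name, an OSC string,
 * a configure() value) is never used as the format; it is passed through
 * %s, so "%n" or "%x" inside it are just characters. */
int log_external_text(char *out, size_t size, const char *text)
{
    return log_message(out, size, "wsynth-dssi.so: %s", text);
}

int main(void)
{
    log_external_text(msg_buf, sizeof msg_buf, "patch %x%x%n");
    puts(msg_buf);              /* the %-sequences come out literally */
    if (!log_message(small_buf, sizeof small_buf, "%s", "0123456789"))
        puts("truncated, but still NUL-terminated");
    return 0;
}
```

If a caller ever writes log_message(buf, sizeof buf, user_string) instead of log_message(buf, sizeof buf, "%s", user_string), gcc's -Wformat-security flags it at compile time because of the attribute; that is the cheapest place to catch CWE-134 in a code base like this one.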
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:85:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[PATH_MAX];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:446:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char midi[4];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:863:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int poly = atoi(value);
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:931:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int range = atoi(value);
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[4], name[31];
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *data[2] = { number, name };
data/wsynth-dssi-0.1.3/src/gui_data.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/wsynth-dssi-0.1.3/src/gui_data.c:119:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fh = fopen(filename, "wb")) == NULL) {
data/wsynth-dssi-0.1.3/src/gui_data.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/wsynth-dssi-0.1.3/src/gui_data.c:166:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fh = fopen(filename, "rb")) == NULL) {
data/wsynth-dssi-0.1.3/src/gui_data.c:206:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(patches, friendly_patches, friendly_patch_count * sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/gui_data.c:209:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&patches[i], &xsynth_init_voice, sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/gui_data.c:228:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(*ep, "%%%02x", patch->name[i]);
data/wsynth-dssi-0.1.3/src/gui_data.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[9];
data/wsynth-dssi-0.1.3/src/gui_data.c:272:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ep, "Xp0 ");
data/wsynth-dssi-0.1.3/src/gui_data.c:282:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ep, "end");
data/wsynth-dssi-0.1.3/src/gui_images.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char **waveform_xpms[7] = {
data/wsynth-dssi-0.1.3/src/gui_images.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *names[8] = {
data/wsynth-dssi-0.1.3/src/gui_interface.c:2166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[50];
data/wsynth-dssi-0.1.3/src/gui_interface.c:2170:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tag, "Wsynth-DSSI");
data/wsynth-dssi-0.1.3/src/gui_main.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/wsynth-dssi-0.1.3/src/xsynth_data.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256], buf2[90];
data/wsynth-dssi-0.1.3/src/xsynth_data.c:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(patch, &tmp, sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/xsynth_data.c:258:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(patches, tmp, 32 * sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/xsynth_synth.c:462:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(synth->patches, friendly_patches, friendly_patch_count * sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/xsynth_synth.c:465:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&synth->patches[i], &xsynth_init_voice, sizeof(xsynth_patch_t));
data/wsynth-dssi-0.1.3/src/xsynth_synth.c:558:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int polyphony = atoi(value);
data/wsynth-dssi-0.1.3/src/xsynth_synth.c:617:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int range = atoi(value);
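The four atoi hits (gui_callbacks.c:863 and :931, xsynth_synth.c:558 and :617) all parse a value that arrives through the plugin's configure interface, so the caller, not the synth, decides what the string contains. atoi gives no way to tell "0" from garbage, and on a typical 64-bit Linux build atoi("4294967297") returns 1 because the long result is folded into an int. The following is an added example (not wsynth-dssi's code) of the check the report asks for: strtol with errno, a trailing-character test and explicit minimum and maximum. The polyphony bounds 1..128 and the parse_polyphony wrapper are assumptions made for the example; the project's real limits are not visible in the report.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Parse s as a decimal integer that must lie in [lo, hi]. Returns 1 and
 * stores the value on success; returns 0 and leaves *out untouched when s is
 * NULL or empty, contains anything other than an optional sign and digits
 * (leading blanks are tolerated, as with atoi), or is out of range. Unlike
 * atoi, a magnitude too large for long is reported (ERANGE) instead of being
 * folded into a small or negative int. */
int parse_int_range(const char *s, long lo, long hi, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    if (lo < INT_MIN || hi > INT_MAX || lo > hi)
        return 0;                   /* bounds must themselves fit an int */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return 0;
    if (end == s || *end != '\0')   /* no digits at all, or trailing junk */
        return 0;
    if (v < lo || v > hi)
        return 0;
    *out = (int)v;                  /* safe: lo <= v <= hi, both within int */
    return 1;
}

/* Assumed bounds for this example only. */
#define POLY_MIN 1
#define POLY_MAX 128

/* Mirrors "int polyphony = atoi(value);" but keeps the current setting when
 * the string is rejected, instead of silently adopting 0 or a wrapped value. */
int parse_polyphony(const char *value, int current)
{
    int p;
    return parse_int_range(value, POLY_MIN, POLY_MAX, &p) ? p : current;
}

int main(void)
{
    /* Constructed inputs: a sane one, a wrap-around candidate, and junk. */
    const char *samples[] = { "16", "4294967297", "12abc", "-5", "" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> polyphony %d\n", samples[i], parse_polyphony(samples[i], 8));
    return 0;
}
```

The same function serves the "range" values at gui_callbacks.c:931 and xsynth_synth.c:617 with different bounds; the point is that the minimum is checked too, since a negative count reaching an allocation or a loop bound is the usual way an atoi result turns into memory corruption.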
data/wsynth-dssi-0.1.3/src/xsynth_synth.h:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    signed char     held_keys[8];      /* for monophonic key tracking, an array of note-ons, most recently received first */
data/wsynth-dssi-0.1.3/src/xsynth_synth.h:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   key_pressure[128];
data/wsynth-dssi-0.1.3/src/xsynth_synth.h:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   cc[128];                  /* controller values */
data/wsynth-dssi-0.1.3/src/xsynth_voice.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          name[31];
data/wsynth-dssi-0.1.3/src/xsynth_voice_render.c:525:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(voice->osc_audio, voice->osc_audio + osc_index,
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:83:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (project_directory && strlen(project_directory)) {
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:84:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (project_directory[strlen(project_directory) - 1] != '/') {
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:829:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(patch->name, gtk_entry_get_text(GTK_ENTRY(name_entry)), 30);
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:832:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(patch->name);
data/wsynth-dssi-0.1.3/src/gui_callbacks.c:959:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(name, patches[i].name, 31);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1589:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 19);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1631:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 19);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1677:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 8);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1752:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 15);
data/wsynth-dssi-0.1.3/src/gui_interface.c:1881:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 12);
data/wsynth-dssi-0.1.3/src/gui_interface.c:2053:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 20);
data/wsynth-dssi-0.1.3/src/gui_interface.c:2169:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(instance_tag) == 0) {
data/wsynth-dssi-0.1.3/src/gui_interface.c:2173:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(instance_tag) > 49) {
data/wsynth-dssi-0.1.3/src/gui_interface.c:2174:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    snprintf(tag, 50, "...%s", instance_tag + strlen(instance_tag) - 46);	/* hope the unique info is at the end */
data/wsynth-dssi-0.1.3/src/gui_interface.c:2179:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(instance_tag) > 37) {
data/wsynth-dssi-0.1.3/src/gui_interface.c:2181:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		     instance_tag + strlen(instance_tag) - 34);
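The level-4 sprintf hits in gui_interface.c (lines 1590 through 2054) and the strlen hits just above belong together: each title is malloc'd as strlen(tag) + N and then sprintf'd with a fixed suffix, and N matches the suffix in every case (" - Load Patch Bank" is 18 characters, so +19 covers the NUL; " Notice" is 7, so +8; " Load Position" 14, so +15; " Save Range" 11, so +12; " Edit Save Position" 19, so +20). The strcpy(tag, instance_tag) at line 2176 is likewise guarded by the preceding strlen(instance_tag) > 49 check against tag[50]. So none of these is an overflow as written; what the scanner is really flagging is that the sizes are hand-counted constants that nothing ties to the literals. The following is an added example (not wsynth-dssi's code) of the same two operations with every bound derived from the strings and the buffer size, so a changed suffix or a changed tag[] size cannot desynchronise. Names such as build_title and make_tag are hypothetical, and the sample instance tags are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_SIZE 50             /* the report's char tag[50] */

/* Build "<tag><suffix>" in a freshly malloc'd buffer sized from the actual
 * strings, so no hand-counted +19 / +8 constant can drift from the literal.
 * Returns NULL on allocation failure; the caller frees the result. */
char *build_title(const char *tag, const char *suffix)
{
    size_t need = strlen(tag) + strlen(suffix) + 1;
    char *title = malloc(need);
    int n;

    if (title == NULL)
        return NULL;
    n = snprintf(title, need, "%s%s", tag, suffix);
    if (n < 0 || (size_t)n >= need) {   /* cannot trigger with this sizing; kept as a guard */
        free(title);
        return NULL;
    }
    return title;
}

/* Fill tag (tag_size bytes) from instance_tag: use dflt when it is empty,
 * keep the tail behind a "..." marker when it is too long (the report's code
 * does the same with the literal 46 = 50 - 1 - 3), copy it otherwise. Every
 * limit is derived from tag_size. Returns 1 if the tag had to be shortened. */
int make_tag(char *tag, size_t tag_size, const char *instance_tag, const char *dflt)
{
    size_t len = instance_tag ? strlen(instance_tag) : 0;
    size_t keep;

    if (tag_size < 5) {                 /* no room for "..." plus one char plus NUL */
        if (tag_size)
            tag[0] = '\0';
        return 0;
    }
    keep = tag_size - 1 - 3;            /* characters that fit after "..." */
    if (len == 0) {
        snprintf(tag, tag_size, "%s", dflt);
        return 0;
    }
    if (len > tag_size - 1) {
        snprintf(tag, tag_size, "...%s", instance_tag + len - keep);
        return 1;
    }
    snprintf(tag, tag_size, "%s", instance_tag);   /* fits, including the NUL */
    return 0;
}

/* Helper for exercising make_tag: fill a TAG_SIZE buffer and compare. */
int make_tag_gives(const char *instance_tag, const char *expect)
{
    char tag[TAG_SIZE];
    make_tag(tag, sizeof tag, instance_tag, "Wsynth-DSSI");
    return strcmp(tag, expect) == 0;
}

int main(void)
{
    /* Constructed 60-character instance tag, longer than tag[] can hold. */
    const char *longtag = "wsynth-dssi/0123456789/0123456789/0123456789/0123456789/";
    char tag[TAG_SIZE];
    char *title;

    make_tag(tag, sizeof tag, longtag, "Wsynth-DSSI");
    title = build_title(tag, " - Load Patch Bank");
    if (title != NULL) {
        puts(title);
        free(title);
    }
    return 0;
}
```

asprintf(3) would shorten build_title further on glibc and BSD, but it is not in the C standard, so the snprintf-with-computed-size form is the portable version of the same idea.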
data/wsynth-dssi-0.1.3/src/gui_main.c:151:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(key) == 8 && !strncmp(key, "patches", 7) &&
data/wsynth-dssi-0.1.3/src/gui_main.c:316:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osc_self_url = osc_build_path(tmp_url, (strlen(path) > 1 ? path + 1 : path));
data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:268:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(key) == 8 && !strncmp(key, "patches", 7)) {
data/wsynth-dssi-0.1.3/src/xsynth_data.c:99:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(buf, " name %90s", buf2) != 1) return 0;
data/wsynth-dssi-0.1.3/src/xsynth_data.c:176:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(buf, " xsynth-dssi patch %3s", buf2) != 1) return 0;
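The two sscanf hits deserve a closer look than their level-1 rating suggests. A %Ns conversion stores up to N characters and then a terminating NUL, so it needs N + 1 bytes. The report shows buf2 declared as char buf2[90] at xsynth_data.c:87 and, twelve lines later in the same file, sscanf(buf, " name %90s", buf2): if that is the same buf2, a name token of 90 or more non-blank characters writes the NUL one byte past the end of the array. The %3s at line 176 is fine against the same buffer. The strncpy hits at gui_callbacks.c:829 and :959 are the other half of the same patch-name handling (strncpy(patch->name, ..., 30) into a 31-byte field, followed by strlen(patch->name) at line 832, which only works if the 31st byte is guaranteed to be NUL). The following is an added example (not wsynth-dssi's code) that ties the %s width to the destination size, detects an overlong token instead of silently cutting it, and copies into the 31-byte name field with a guaranteed terminator. Names and the sample lines are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF        90      /* the report's buf2[90] */
#define NAME_WIDTH      89      /* NAME_BUF - 1: room for the NUL sscanf appends */
#define PATCH_NAME_SIZE 31      /* the report's char name[31] */

#define STR_(x) #x
#define STR(x)  STR_(x)         /* turns NAME_WIDTH into "89" inside the format */

/* Scratch destinations for the usage below (constructed for the example). */
char name_out[NAME_BUF];
char patch_name[PATCH_NAME_SIZE];

/* Does a "%<width>s" conversion fit a buffer of bufsize bytes? It stores up
 * to width characters plus a NUL, so "%90s" into 90 bytes does not. */
int width_fits(unsigned width, size_t bufsize)
{
    return (size_t)width + 1 <= bufsize;
}

/* Parse "name <token>" (leading blanks allowed) into name[NAME_BUF].
 * Returns 1 on success, 0 if the line is not a name line or the token is
 * longer than NAME_WIDTH. %n records where the conversion stopped, so a token
 * that was cut at the width is detected rather than silently shortened. */
int parse_name_line(const char *line, char *name)
{
    int consumed = 0;

    if (sscanf(line, " name %" STR(NAME_WIDTH) "s%n", name, &consumed) != 1)
        return 0;
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return 0;               /* more token characters followed: overlong */
    return 1;
}

/* Copy a parsed name into the patch name field with a guaranteed NUL
 * (strncpy(dst, src, 30) leaves dst[30] untouched). Returns 1 if the whole
 * name fit, 0 if it was cut to dst_size - 1 characters. */
int set_patch_name(char *dst, size_t dst_size, const char *src)
{
    int n = snprintf(dst, dst_size, "%s", src);
    return n >= 0 && (size_t)n < dst_size;
}

/* Helper: build "name " followed by n 'x' characters and parse it. */
int parse_name_of_len(size_t n)
{
    char line[256] = "name ";

    if (n > sizeof line - 6)
        return -1;
    memset(line + 5, 'x', n);
    line[5 + n] = '\0';
    return parse_name_line(line, name_out);
}

int main(void)
{
    if (parse_name_line("  name Bright_Lead%20v2", name_out))
        printf("name: %s (fits patch field: %d)\n", name_out,
               set_patch_name(patch_name, sizeof patch_name, name_out));
    printf("%%90s into 90 bytes fits: %d\n", width_fits(90, NAME_BUF));
    printf("89-char token accepted: %d, 90-char token accepted: %d\n",
           parse_name_of_len(89), parse_name_of_len(90));
    return 0;
}
```

Deriving the width from the buffer size through the STR() macro is the one-line fix for the scanner's "is the limit small enough" question: the format and the declaration can no longer disagree without a compile error.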

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 8908 in approximately 0.33 seconds (26966 lines/second)
Physical Source Lines of Code (SLOC) = 6540
Hits@level = [0]  57 [1]  21 [2]  37 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+] 125 [1+]  68 [2+]  47 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 19.1131 [1+] 10.3976 [2+] 7.18654 [3+] 1.52905 [4+] 1.52905 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.