Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ableton-link-3.0.2+dfsg/src/ableton/test/serial_io/SchedulerTree.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/test/catch/CatchMain.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Tempo.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_ClientSessionTimelines.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_PingResponder.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Phase.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_HostTimeFilter.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Controller.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_StartStopState.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_CircularFifo.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_LinearRegression.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Kalman.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Timeline.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Measurement.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Beats.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/v1/tst_Messages.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_PeerGateway.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_PeerGateways.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_InterfaceScanner.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_Payload.cpp
Examining data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_UdpMessenger.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Jack.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_CoreAudio.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Wasapi.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Portaudio.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioEngine.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Asio.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Portaudio.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioEngine.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Jack.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Dummy.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Asio.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_Wasapi.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_CoreAudio.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/qlinkhut/Controller.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/qlinkhut/main.cpp
Examining data/ableton-link-3.0.2+dfsg/examples/qlinkhut/Controller.hpp
Examining data/ableton-link-3.0.2+dfsg/examples/linkhut/main.cpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/serial_io/Context.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/serial_io/SchedulerTree.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/serial_io/Fixture.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/serial_io/Socket.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/serial_io/Timer.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/test/CatchWrapper.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/posix/ScanIpIfAddrs.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/Config.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/linux/Clock.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/linux/Linux.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/windows/Clock.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/windows/ScanIpIfAddrs.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/stl/Clock.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/Context.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/Util.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/AsioTimer.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/AsioService.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/LockFreeCallbackDispatcher.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/AsioWrapper.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/asio/Socket.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/darwin/Clock.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/platforms/darwin/Darwin.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Timeline.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Tempo.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/MeasurementService.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/v1/Messages.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Beats.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/PayloadEntries.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Optional.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/MeasurementEndpointV4.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Controller.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Peers.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/LinearRegression.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/PeerState.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/PingResponder.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/StartStopState.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Gateway.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/NodeState.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/HostTimeFilter.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/SessionState.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Measurement.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Phase.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Sessions.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/SessionId.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/NodeId.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/GhostXForm.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/ClientSessionTimelines.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/Kalman.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/link/CircularFifo.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/Link.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/test/PayloadEntries.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/test/Interface.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/test/Socket.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/PeerGateway.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/v1/Messages.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/Payload.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/IpV4Interface.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/InterfaceScanner.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/NetworkByteStreamSerializable.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/MessageTypes.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/Service.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/PeerGateways.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/UdpMessenger.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/discovery/Socket.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/SafeAsyncHandler.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/test/IoService.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/test/Timer.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/Injected.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/SampleTiming.hpp
Examining data/ableton-link-3.0.2+dfsg/include/ableton/util/Log.hpp
Examining data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp

FINAL RESULTS:

data/ableton-link-3.0.2+dfsg/include/ableton/link/Controller.hpp:136:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    , mNodeId(NodeId::random())
data/ableton-link-3.0.2+dfsg/include/ableton/link/Controller.hpp:513:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    mNodeId = NodeId::random();
data/ableton-link-3.0.2+dfsg/include/ableton/link/NodeId.hpp:45:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  static NodeId random()
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Measurement.cpp:69:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      mState.nodeState.sessionId = NodeId::random();
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:62:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:62:40:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:68:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:68:40:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:73:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_Peers.cpp:73:40:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  PeerState{{NodeId::random(), NodeId::random(),
data/ableton-link-3.0.2+dfsg/src/ableton/link/tst_PingResponder.cpp:46:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        NodeId::random(),
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:8705:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            std::srand( config.rngSeed() );
data/ableton-link-3.0.2+dfsg/examples/linkaudio/AudioPlatform_CoreAudio.cpp:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char deviceName[512];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:1537:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    struct TrueType { char sizer[1]; };
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:1538:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    struct FalseType { char sizer[2]; };
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:3131:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char storage[sizeof(T)];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:6142:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        void open() {
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:6236:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                open();
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:6282:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                tracker->open();
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:6471:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char altStackMem[SIGSTKSZ];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:7117:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char **utf8Argv = new char *[ argc ];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:7631:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char data[bufferSize];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:7668:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        m_ofs.open( filename.c_str() );
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:8908:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char asChar[sizeof (int)];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:9550:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[maxDoubleSize];
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:9557:13:  [2] (buffer) sprintf:
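  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Only the format string is constant here: the length of "%.3f" output grows
  with the magnitude of duration, so confirm that maxDoubleSize covers the
  largest possible value, or switch to snprintf with sizeof(buffer).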
            sprintf(buffer, "%.3f", duration);
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:9784:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:10364:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char timeStamp[timeStampSize];
data/ableton-link-3.0.2+dfsg/include/ableton/discovery/v1/Messages.hpp:158:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      && equal(begin(detail::kProtocolHeader), end(detail::kProtocolHeader), bytesBegin))
data/ableton-link-3.0.2+dfsg/include/ableton/link/v1/Messages.hpp:127:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      && std::equal(
data/ableton-link-3.0.2+dfsg/src/ableton/discovery/tst_Payload.cpp:181:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  CHECK(std::equal(begin(fooBarBytes), fooBarEnd, begin(sumBytes)));
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:7143:40:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                static_cast<void>(std::getchar());
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:7148:40:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                static_cast<void>(std::getchar());
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:8629:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/ableton-link-3.0.2+dfsg/third_party/catch/catch.hpp:8635:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 26561 in approximately 0.53 seconds (49702 lines/second)
Physical Source Lines of Code (SLOC) = 19189
Hits@level = [0]   0 [1]   7 [2]  16 [3]  12 [4]   0 [5]   0
Hits@level+ = [0+]  35 [1+]  35 [2+]  28 [3+]  12 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.82396 [1+] 1.82396 [2+] 1.45917 [3+] 0.625358 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
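Not every hit is necessarily a security vulnerability.
Flawfinder matches identifiers lexically, so some hits above are on
project-defined names rather than the libc calls the rules target:
NodeId::random() is a static member function (declared at NodeId.hpp:45), and
the catch.hpp hits at lines 6142, 6236 and 6282 are an open() method and
argument-less calls to it, not open(2). Triage each hit against the source.
For NodeId::random(), check which generator it uses and whether node IDs need
to be unpredictable; this report shows neither. For the std::equal hits, check
that the second range is length-checked first, as the size() comparisons on
catch.hpp lines 8629 and 8635 already do.
There may be other security vulnerabilities; review your code!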
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.