Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/aegisub-3.2.2+dfsg/tools/repack-thes-dict.cpp Examining data/aegisub-3.2.2+dfsg/build/wx/setup-installed.h Examining data/aegisub-3.2.2+dfsg/build/wx/stc-fi.h Examining data/aegisub-3.2.2+dfsg/build/wx/setup-build.h Examining data/aegisub-3.2.2+dfsg/build/fribidi/fribidi-config.h Examining data/aegisub-3.2.2+dfsg/build/libass/strings.h Examining data/aegisub-3.2.2+dfsg/build/libass/unistd.h Examining data/aegisub-3.2.2+dfsg/build/libass/config.h Examining data/aegisub-3.2.2+dfsg/build/scintilla/catalogue.cpp Examining data/aegisub-3.2.2+dfsg/build/boost/locale_stubs.cpp Examining data/aegisub-3.2.2+dfsg/build/fftw/config.h Examining data/aegisub-3.2.2+dfsg/build/ffmpeg/config-x86.h Examining data/aegisub-3.2.2+dfsg/build/ffmpeg/libavutil/avconfig.h Examining data/aegisub-3.2.2+dfsg/build/ffmpeg/config-x64.h Examining data/aegisub-3.2.2+dfsg/build/ffmpeg/config.h Examining data/aegisub-3.2.2+dfsg/build/zlib/zconf.h Examining data/aegisub-3.2.2+dfsg/build/freetype2/ftsystem.cpp Examining data/aegisub-3.2.2+dfsg/build/git_version.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/prcpucfg.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsLatin1Prober.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nscore.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/prtypes.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/prmem.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSJISProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsCharSetProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/CharDistribution.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCKRProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSJISProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/JpCntx.cpp Examining 
data/aegisub-3.2.2+dfsg/vendor/universalchardet/protypes.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/JpCntx.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCKRProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSBCSGroupProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangThaiModel.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCJPProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsUniversalDetector.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsMBCSGroupProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangHungarianModel.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSBCharSetProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsUniversalDetector.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEscSM.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsGB2312Prober.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEscCharsetProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangHebrewModel.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCTWProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangGreekModel.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsCodingStateMachine.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangBulgarianModel.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsCharSetProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsPkgInt.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsUTF8Prober.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsMBCSSM.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSBCSGroupProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCJPProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/LangCyrillicModel.cpp Examining 
data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsMBCSGroupProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/xpcom-config.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsHebrewProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsBig5Prober.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsGB2312Prober.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsBig5Prober.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsLatin1Prober.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCTWProber.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/CharDistribution.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsUTF8Prober.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSBCharSetProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsError.h Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEscCharsetProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsHebrewProber.cpp Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test_api.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/util.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/util.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test_savebuffer.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test_write_api.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/test/test_fwrite_api.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/luainternals.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/write.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/load.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/lualess.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/luabins.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/savebuffer.h Examining 
data/aegisub-3.2.2+dfsg/vendor/luabins/src/fwrite.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/write.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/fwrite.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/saveload.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/save.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/savebuffer.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/luabins.c Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/luaheaders.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/luainternals.h Examining data/aegisub-3.2.2+dfsg/vendor/luabins/src/lualess.c Examining data/aegisub-3.2.2+dfsg/libaegisub/lagi_pre.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/signal.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/fs.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/fs_fwd.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/util_osx.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/owning_intrusive_list.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/option_value.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ycbcr_conv.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/charset_conv.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/io.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/karaoke_matcher.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/keyframe.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/util.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/file_mapping.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/option.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_wrap.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/split.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/background_runner.h Examining 
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/scoped_ptr.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/charset_conv_win.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/color.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/charset.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/access.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/kana_table.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/cajun/reader.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/cajun/writer.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/cajun/elements.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/cajun/visitor.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/of_type_adaptor.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/spellchecker.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/mru.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/character_count.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/format_path.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/vfr.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/exception.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/time.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/uuencode.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/smpte.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/dialogue_parser.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/format.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/address_of_adaptor.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/json.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/path.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/log.h Examining 
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/calltip_provider.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/thesaurus.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/dispatch.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/make_unique.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/hotkey.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/format_flyweight.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/audio/provider.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/lua/script_reader.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/lua/utils.h Examining data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/lua/modules.h Examining data/aegisub-3.2.2+dfsg/libaegisub/common/util.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/dispatch.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/hotkey.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/option.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/io.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/fs.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/log.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/parser.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/color.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/thesaurus.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/parser.h Examining data/aegisub-3.2.2+dfsg/libaegisub/common/cajun/reader.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/cajun/writer.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/cajun/elements.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/ycbcr_conv.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/mru.cpp Examining 
data/aegisub-3.2.2+dfsg/libaegisub/common/calltip_provider.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/path.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/keyframe.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/json.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/vfr.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/format.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/charset_6937.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/charset_6937.h Examining data/aegisub-3.2.2+dfsg/libaegisub/common/file_mapping.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/kana_table.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/karaoke_matcher.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/common/character_count.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/ass/time.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/ass/dialogue_parser.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/unix/util.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/unix/fs.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/unix/access.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/unix/log.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/unix/path.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_lock.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_pcm.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_ram.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_hd.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_convert.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_dummy.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/charset_conv_win.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/log_win.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/fs.cpp Examining 
data/aegisub-3.2.2+dfsg/libaegisub/windows/access.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/lagi_pre.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/path_win.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/windows/util_win.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/re.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/unicode.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lfs.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.h Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/script_reader.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/modules.cpp Examining data/aegisub-3.2.2+dfsg/libaegisub/lua/utils.cpp Examining data/aegisub-3.2.2+dfsg/tests/support/util.cpp Examining data/aegisub-3.2.2+dfsg/tests/support/util.h Examining data/aegisub-3.2.2+dfsg/tests/support/main.h Examining data/aegisub-3.2.2+dfsg/tests/support/tests_pre.h Examining data/aegisub-3.2.2+dfsg/tests/support/main.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/util.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/hotkey.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/option.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/word_split.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/time.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/uuencode.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/line_iterator.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/fs.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/line_wrap.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/iconv.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/access.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/cajun.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/audio.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/color.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/thesaurus.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/mru.cpp Examining 
data/aegisub-3.2.2+dfsg/tests/tests/calltip_provider.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/path.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/keyframe.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/character_count.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/vfr.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/ifind.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/format.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/signals.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/split.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/dialogue_lexer.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/syntax_highlight.cpp Examining data/aegisub-3.2.2+dfsg/tests/tests/karaoke_matcher.cpp Examining data/aegisub-3.2.2+dfsg/src/text_selection_controller.h Examining data/aegisub-3.2.2+dfsg/src/video_frame.h Examining data/aegisub-3.2.2+dfsg/src/toolbar.cpp Examining data/aegisub-3.2.2+dfsg/src/context.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_scale.cpp Examining data/aegisub-3.2.2+dfsg/src/spline_curve.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_file.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_mkv.h Examining data/aegisub-3.2.2+dfsg/src/ffmpegsource_common.h Examining data/aegisub-3.2.2+dfsg/src/auto4_lua_progresssink.cpp Examining data/aegisub-3.2.2+dfsg/src/preferences_base.h Examining data/aegisub-3.2.2+dfsg/src/subs_preview.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_txt.cpp Examining data/aegisub-3.2.2+dfsg/src/string_codec.h Examining data/aegisub-3.2.2+dfsg/src/video_provider_ffmpegsource.cpp Examining data/aegisub-3.2.2+dfsg/src/gl/glext.h Examining data/aegisub-3.2.2+dfsg/src/dialog_export_ebu3264.cpp Examining data/aegisub-3.2.2+dfsg/src/hotkey.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_style_storage.h Examining data/aegisub-3.2.2+dfsg/src/subs_edit_box.h Examining data/aegisub-3.2.2+dfsg/src/export_fixstyle.h Examining data/aegisub-3.2.2+dfsg/src/audio_timing_dialogue.cpp Examining 
data/aegisub-3.2.2+dfsg/src/retina_helper.h Examining data/aegisub-3.2.2+dfsg/src/avisynth_wrap.cpp Examining data/aegisub-3.2.2+dfsg/src/agi_pre.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ttxt.h Examining data/aegisub-3.2.2+dfsg/src/video_controller.h Examining data/aegisub-3.2.2+dfsg/src/audio_timing_karaoke.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_dummy_video.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_box.h Examining data/aegisub-3.2.2+dfsg/src/subs_controller.h Examining data/aegisub-3.2.2+dfsg/src/help_button.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_txt.h Examining data/aegisub-3.2.2+dfsg/src/text_file_reader.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_colorpicker.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_log.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_info.h Examining data/aegisub-3.2.2+dfsg/src/time_range.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_encore.h Examining data/aegisub-3.2.2+dfsg/src/resolution_resampler.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_video_details.cpp Examining data/aegisub-3.2.2+dfsg/src/export_fixstyle.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_file.h Examining data/aegisub-3.2.2+dfsg/src/ass_style.cpp Examining data/aegisub-3.2.2+dfsg/src/pen.h Examining data/aegisub-3.2.2+dfsg/src/timeedit_ctrl.cpp Examining data/aegisub-3.2.2+dfsg/src/crash_writer.h Examining data/aegisub-3.2.2+dfsg/src/avisynth_wrap.h Examining data/aegisub-3.2.2+dfsg/src/ass_parser.h Examining data/aegisub-3.2.2+dfsg/src/dialog_paste_over.h Examining data/aegisub-3.2.2+dfsg/src/video_out_gl.h Examining data/aegisub-3.2.2+dfsg/src/ass_override.h Examining data/aegisub-3.2.2+dfsg/src/dialog_selected_choices.cpp Examining data/aegisub-3.2.2+dfsg/src/charset_detect.h Examining data/aegisub-3.2.2+dfsg/src/preferences.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_rotatexy.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_controller.cpp Examining data/aegisub-3.2.2+dfsg/src/gl_text.h 
Examining data/aegisub-3.2.2+dfsg/src/async_video_provider.cpp Examining data/aegisub-3.2.2+dfsg/src/frame_main.cpp Examining data/aegisub-3.2.2+dfsg/src/initial_line_state.cpp Examining data/aegisub-3.2.2+dfsg/src/font_file_lister.h Examining data/aegisub-3.2.2+dfsg/src/aegisublocale.h Examining data/aegisub-3.2.2+dfsg/src/auto4_base.h Examining data/aegisub-3.2.2+dfsg/src/gl_wrap.h Examining data/aegisub-3.2.2+dfsg/src/audio_player_portaudio.h Examining data/aegisub-3.2.2+dfsg/src/dialog_about.cpp Examining data/aegisub-3.2.2+dfsg/src/text_file_writer.h Examining data/aegisub-3.2.2+dfsg/src/audio_display.h Examining data/aegisub-3.2.2+dfsg/src/dialogs.h Examining data/aegisub-3.2.2+dfsg/src/export_framerate.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_transtation.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_renderer.cpp Examining data/aegisub-3.2.2+dfsg/src/font_file_lister_fontconfig.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_renderer.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_cross.h Examining data/aegisub-3.2.2+dfsg/src/ass_exporter.h Examining data/aegisub-3.2.2+dfsg/src/audio_player.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_dialogue.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_display.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_selection.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_progress.cpp Examining data/aegisub-3.2.2+dfsg/src/toggle_bitmap.cpp Examining data/aegisub-3.2.2+dfsg/src/fft.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_drag.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_cross.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_renderer_spectrum.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_karaoke.cpp Examining data/aegisub-3.2.2+dfsg/src/help_button.h Examining data/aegisub-3.2.2+dfsg/src/audio_marker.h Examining data/aegisub-3.2.2+dfsg/src/gl_wrap.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_paste_over.cpp Examining data/aegisub-3.2.2+dfsg/src/block_cache.h Examining 
data/aegisub-3.2.2+dfsg/src/vector2d.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_progress.h Examining data/aegisub-3.2.2+dfsg/src/hotkey_data_view_model.cpp Examining data/aegisub-3.2.2+dfsg/src/video_controller.cpp Examining data/aegisub-3.2.2+dfsg/src/preferences_base.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_fonts_collector.cpp Examining data/aegisub-3.2.2+dfsg/src/video_provider_avs.cpp Examining data/aegisub-3.2.2+dfsg/src/thesaurus.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_version_check.cpp Examining data/aegisub-3.2.2+dfsg/src/vector2d.h Examining data/aegisub-3.2.2+dfsg/src/dialog_styling_assistant.h Examining data/aegisub-3.2.2+dfsg/src/agi_pre.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool.cpp Examining data/aegisub-3.2.2+dfsg/src/main.h Examining data/aegisub-3.2.2+dfsg/src/dialog_detached_video.h Examining data/aegisub-3.2.2+dfsg/src/audio_player_alsa.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_text_import.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_entry.h Examining data/aegisub-3.2.2+dfsg/src/video_slider.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.h Examining data/aegisub-3.2.2+dfsg/src/string_codec.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_export_filter.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_player_openal.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_kara_timing_copy.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format.cpp Examining data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_export_ebu3264.h Examining data/aegisub-3.2.2+dfsg/src/selection_controller.h Examining data/aegisub-3.2.2+dfsg/src/dialog_translation.h Examining data/aegisub-3.2.2+dfsg/src/grid_column.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_clip.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_drag.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ssa.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_player_dsound.cpp Examining 
data/aegisub-3.2.2+dfsg/src/subs_controller.cpp Examining data/aegisub-3.2.2+dfsg/src/options.h Examining data/aegisub-3.2.2+dfsg/src/async_video_provider.h Examining data/aegisub-3.2.2+dfsg/src/subtitles_provider_libass.h Examining data/aegisub-3.2.2+dfsg/src/subtitles_provider.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_provider_factory.h Examining data/aegisub-3.2.2+dfsg/src/tooltip_manager.cpp Examining data/aegisub-3.2.2+dfsg/src/frame_main.h Examining data/aegisub-3.2.2+dfsg/src/compat.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_attachment.h Examining data/aegisub-3.2.2+dfsg/src/dialog_video_properties.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_microdvd.h Examining data/aegisub-3.2.2+dfsg/src/compat.h Examining data/aegisub-3.2.2+dfsg/src/subtitles_provider_csri.cpp Examining data/aegisub-3.2.2+dfsg/src/video_provider_dummy.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/audio_player.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/menu.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/subtitles_provider.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/spellchecker.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/toolbar.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/video_provider.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/hotkey.h Examining data/aegisub-3.2.2+dfsg/src/include/aegisub/context.h Examining data/aegisub-3.2.2+dfsg/src/audio_karaoke.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool.h Examining data/aegisub-3.2.2+dfsg/src/validators.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_microdvd.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_search_replace.cpp Examining data/aegisub-3.2.2+dfsg/src/version.h Examining data/aegisub-3.2.2+dfsg/src/audio_box.cpp Examining data/aegisub-3.2.2+dfsg/src/crash_writer_minidump.cpp Examining data/aegisub-3.2.2+dfsg/src/text_file_reader.h Examining data/aegisub-3.2.2+dfsg/src/hotkey_data_view_model.h Examining 
data/aegisub-3.2.2+dfsg/src/gl_text.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_styling_assistant.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ssa.h Examining data/aegisub-3.2.2+dfsg/src/dialog_style_editor.cpp Examining data/aegisub-3.2.2+dfsg/src/spline_curve.h Examining data/aegisub-3.2.2+dfsg/src/persist_location.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_jumpto.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_colorscheme.h Examining data/aegisub-3.2.2+dfsg/src/audio_player_oss.cpp Examining data/aegisub-3.2.2+dfsg/src/spellchecker.cpp Examining data/aegisub-3.2.2+dfsg/src/timeedit_ctrl.h Examining data/aegisub-3.2.2+dfsg/src/spline.h Examining data/aegisub-3.2.2+dfsg/src/video_provider_manager.h Examining data/aegisub-3.2.2+dfsg/src/audio_rendering_style.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ass.cpp Examining data/aegisub-3.2.2+dfsg/src/auto4_base.cpp Examining data/aegisub-3.2.2+dfsg/src/subs_edit_box.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format.h Examining data/aegisub-3.2.2+dfsg/src/video_box.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_srt.cpp Examining data/aegisub-3.2.2+dfsg/src/search_replace_engine.cpp Examining data/aegisub-3.2.2+dfsg/src/mkv_wrap.h Examining data/aegisub-3.2.2+dfsg/src/font_file_lister.cpp Examining data/aegisub-3.2.2+dfsg/src/pen.cpp Examining data/aegisub-3.2.2+dfsg/src/auto4_lua_factory.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_rotatez.h Examining data/aegisub-3.2.2+dfsg/src/command/automation.cpp Examining data/aegisub-3.2.2+dfsg/src/command/time.cpp Examining data/aegisub-3.2.2+dfsg/src/command/tool.cpp Examining data/aegisub-3.2.2+dfsg/src/command/subtitle.cpp Examining data/aegisub-3.2.2+dfsg/src/command/help.cpp Examining data/aegisub-3.2.2+dfsg/src/command/recent.cpp Examining data/aegisub-3.2.2+dfsg/src/command/vis_tool.cpp Examining data/aegisub-3.2.2+dfsg/src/command/grid.cpp Examining data/aegisub-3.2.2+dfsg/src/command/command.cpp Examining 
data/aegisub-3.2.2+dfsg/src/command/command.h Examining data/aegisub-3.2.2+dfsg/src/command/app.cpp Examining data/aegisub-3.2.2+dfsg/src/command/audio.cpp Examining data/aegisub-3.2.2+dfsg/src/command/keyframe.cpp Examining data/aegisub-3.2.2+dfsg/src/command/timecode.cpp Examining data/aegisub-3.2.2+dfsg/src/command/video.cpp Examining data/aegisub-3.2.2+dfsg/src/command/edit.cpp Examining data/aegisub-3.2.2+dfsg/src/spellchecker_hunspell.cpp Examining data/aegisub-3.2.2+dfsg/src/persist_location.h Examining data/aegisub-3.2.2+dfsg/src/video_out_gl.cpp Examining data/aegisub-3.2.2+dfsg/src/preferences.h Examining data/aegisub-3.2.2+dfsg/src/project.cpp Examining data/aegisub-3.2.2+dfsg/src/video_provider_yuv4mpeg.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_resample.cpp Examining data/aegisub-3.2.2+dfsg/src/factory_manager.h Examining data/aegisub-3.2.2+dfsg/src/audio_player_dsound2.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitles_provider_csri.h Examining data/aegisub-3.2.2+dfsg/src/video_display.cpp Examining data/aegisub-3.2.2+dfsg/src/subs_preview.cpp Examining data/aegisub-3.2.2+dfsg/src/format.h Examining data/aegisub-3.2.2+dfsg/src/dialog_detached_video.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_style_editor.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_srt.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_clip.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ass.h Examining data/aegisub-3.2.2+dfsg/src/placeholder_ctrl.h Examining data/aegisub-3.2.2+dfsg/src/dialog_search_replace.h Examining data/aegisub-3.2.2+dfsg/src/ass_style.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_vector_clip.h Examining data/aegisub-3.2.2+dfsg/src/spellchecker_hunspell.h Examining data/aegisub-3.2.2+dfsg/src/ass_karaoke.h Examining data/aegisub-3.2.2+dfsg/src/dialog_timing_processor.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_autosave.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_spellchecker.cpp Examining 
data/aegisub-3.2.2+dfsg/src/ass_style_storage.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_renderer_waveform.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_vector_clip.cpp Examining data/aegisub-3.2.2+dfsg/src/grid_column.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_timing.h Examining data/aegisub-3.2.2+dfsg/src/ass_entry.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_encore.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_override.cpp Examining data/aegisub-3.2.2+dfsg/src/initial_line_state.h Examining data/aegisub-3.2.2+dfsg/src/colorspace.cpp Examining data/aegisub-3.2.2+dfsg/src/libresrc/libresrc.cpp Examining data/aegisub-3.2.2+dfsg/src/libresrc/libresrc.h Examining data/aegisub-3.2.2+dfsg/src/crash_writer.cpp Examining data/aegisub-3.2.2+dfsg/src/text_selection_controller.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_feature.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_translation.cpp Examining data/aegisub-3.2.2+dfsg/src/tooltip_manager.h Examining data/aegisub-3.2.2+dfsg/src/auto4_lua_assfile.cpp Examining data/aegisub-3.2.2+dfsg/src/base_grid.h Examining data/aegisub-3.2.2+dfsg/src/thesaurus.h Examining data/aegisub-3.2.2+dfsg/src/visual_tool_scale.h Examining data/aegisub-3.2.2+dfsg/src/ass_parser.cpp Examining data/aegisub-3.2.2+dfsg/src/spline.cpp Examining data/aegisub-3.2.2+dfsg/src/export_framerate.h Examining data/aegisub-3.2.2+dfsg/src/fft.h Examining data/aegisub-3.2.2+dfsg/src/audio_player_portaudio.cpp Examining data/aegisub-3.2.2+dfsg/src/video_slider.h Examining data/aegisub-3.2.2+dfsg/src/audio_marker.cpp Examining data/aegisub-3.2.2+dfsg/src/MatroskaParser.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_mkv.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_dialogue.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ttxt.cpp Examining data/aegisub-3.2.2+dfsg/src/colorspace.h Examining data/aegisub-3.2.2+dfsg/src/dialog_shift_times.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_manager.h Examining 
data/aegisub-3.2.2+dfsg/src/resolution_resampler.h Examining data/aegisub-3.2.2+dfsg/src/audio_karaoke.cpp Examining data/aegisub-3.2.2+dfsg/src/video_box.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_rotatez.cpp Examining data/aegisub-3.2.2+dfsg/src/video_provider_manager.cpp Examining data/aegisub-3.2.2+dfsg/src/visual_tool_rotatexy.h Examining data/aegisub-3.2.2+dfsg/src/ass_attachment.cpp Examining data/aegisub-3.2.2+dfsg/src/search_replace_engine.h Examining data/aegisub-3.2.2+dfsg/src/selection_controller.cpp Examining data/aegisub-3.2.2+dfsg/src/charset_detect.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_renderer_spectrum.h Examining data/aegisub-3.2.2+dfsg/src/audio_renderer_waveform.h Examining data/aegisub-3.2.2+dfsg/src/colour_button.h Examining data/aegisub-3.2.2+dfsg/src/visual_feature.h Examining data/aegisub-3.2.2+dfsg/src/audio_provider_factory.cpp Examining data/aegisub-3.2.2+dfsg/src/project.h Examining data/aegisub-3.2.2+dfsg/src/avisynth.h Examining data/aegisub-3.2.2+dfsg/src/auto4_lua.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_provider_avs.cpp Examining data/aegisub-3.2.2+dfsg/src/ass_export_filter.h Examining data/aegisub-3.2.2+dfsg/src/audio_controller.h Examining data/aegisub-3.2.2+dfsg/src/toggle_bitmap.h Examining data/aegisub-3.2.2+dfsg/src/video_provider_cache.cpp Examining data/aegisub-3.2.2+dfsg/src/subs_edit_ctrl.h Examining data/aegisub-3.2.2+dfsg/src/ass_exporter.cpp Examining data/aegisub-3.2.2+dfsg/src/MatroskaParser.c Examining data/aegisub-3.2.2+dfsg/src/audio_colorscheme.cpp Examining data/aegisub-3.2.2+dfsg/src/auto4_lua.h Examining data/aegisub-3.2.2+dfsg/src/base_grid.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_provider_ffmpegsource.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp Examining data/aegisub-3.2.2+dfsg/src/audio_player_pulse.cpp Examining data/aegisub-3.2.2+dfsg/src/video_display.h Examining data/aegisub-3.2.2+dfsg/src/subtitle_format_transtation.h Examining 
data/aegisub-3.2.2+dfsg/src/text_file_writer.cpp Examining data/aegisub-3.2.2+dfsg/src/version.cpp Examining data/aegisub-3.2.2+dfsg/src/menu.cpp Examining data/aegisub-3.2.2+dfsg/src/aegisublocale.cpp Examining data/aegisub-3.2.2+dfsg/src/auto4_lua_dialog.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_attachments.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_automation.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_export.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_properties.cpp Examining data/aegisub-3.2.2+dfsg/src/dialog_style_manager.cpp Examining data/aegisub-3.2.2+dfsg/src/ffmpegsource_common.cpp Examining data/aegisub-3.2.2+dfsg/src/main.cpp Examining data/aegisub-3.2.2+dfsg/src/utils.h Examining data/aegisub-3.2.2+dfsg/src/validators.cpp Examining data/aegisub-3.2.2+dfsg/src/utils.cpp Examining data/aegisub-3.2.2+dfsg/src/subs_edit_ctrl.cpp Examining data/aegisub-3.2.2+dfsg/src/colour_button.cpp Examining data/aegisub-3.2.2+dfsg/src/subtitles_provider_libass.cpp Examining data/aegisub-3.2.2+dfsg/src/video_frame.cpp Examining data/aegisub-3.2.2+dfsg/src/video_provider_dummy.cpp Examining data/aegisub-3.2.2+dfsg/automation/tests/aegisub.cpp FINAL RESULTS: data/aegisub-3.2.2+dfsg/libaegisub/common/fs.cpp:28:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace ec = boost::system::errc; data/aegisub-3.2.2+dfsg/libaegisub/common/fs.cpp:34:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; \ data/aegisub-3.2.2+dfsg/libaegisub/common/fs.cpp:64:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
boost::system::error_code ec; \ data/aegisub-3.2.2+dfsg/libaegisub/unix/access.cpp:62:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. file_status = access(file.c_str(), R_OK); data/aegisub-3.2.2+dfsg/libaegisub/unix/access.cpp:67:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. file_status = access(file.c_str(), W_OK); [Reviewer note: the two unix/access.cpp hits are real access() calls. Their result describes the file only at the moment of the check, so the code that later opens the file still has to handle an open failure itself rather than rely on this result.] data/aegisub-3.2.2+dfsg/libaegisub/unix/fs.cpp:55:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; [Reviewer note: the matched token here is the `boost::system` namespace in a variable declaration, not a call to system(); the line executes no program. The libaegisub/common/fs.cpp `system` hits above show the same `boost::system::` pattern.] data/aegisub-3.2.2+dfsg/libaegisub/windows/access.cpp:40:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. DWORD access; [Reviewer note: `access` on this line is a local DWORD variable, not the access() function.] data/aegisub-3.2.2+dfsg/libaegisub/windows/access.cpp:42:97: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if(!AccessCheck(sd, client_token, access_check, &generic_mapping, &priv_set, &priv_set_size, &access, &access_ok)) data/aegisub-3.2.2+dfsg/libaegisub/windows/access.cpp:44:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return !!access; data/aegisub-3.2.2+dfsg/src/gl/glext.h:5227:59: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. GLAPI GLvoid* APIENTRY glMapBuffer (GLenum target, GLenum access); [Reviewer note: in the src/gl/glext.h hits listed in this report, `access` is the name of a parameter in an OpenGL prototype or function-pointer typedef; none of the quoted lines calls access(), so they do not describe a file-system race.] data/aegisub-3.2.2+dfsg/src/gl/glext.h:5247:71: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERPROC) (GLenum target, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:6042:62: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
GLAPI GLvoid* APIENTRY glMapBufferARB (GLenum target, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:6054:74: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERARBPROC) (GLenum target, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:6323:104: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. GLAPI GLvoid* APIENTRY glMapBufferRange (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:6326:116: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERRANGEPROC) (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:9713:67: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
GLAPI GLvoid* APIENTRY glMapNamedBufferEXT (GLuint buffer, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:9900:79: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef GLvoid* (APIENTRYP PFNGLMAPNAMEDBUFFEREXTPROC) (GLuint buffer, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:10157:67: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. GLAPI void APIENTRY glMakeBufferResidentNV (GLenum target, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:10160:72: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. GLAPI void APIENTRY glMakeNamedBufferResidentNV (GLuint buffer, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:10172:79: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
typedef void (APIENTRYP PFNGLMAKEBUFFERRESIDENTNVPROC) (GLenum target, GLenum access); data/aegisub-3.2.2+dfsg/src/gl/glext.h:10175:84: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef void (APIENTRYP PFNGLMAKENAMEDBUFFERRESIDENTNVPROC) (GLuint buffer, GLenum access); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:530:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:530:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/aegisub-3.2.2+dfsg/src/subtitles_provider_libass.cpp:83:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, args); data/aegisub-3.2.2+dfsg/vendor/luabins/src/load.c:16:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define XSPAM(a) printf a data/aegisub-3.2.2+dfsg/vendor/luabins/src/load.c:22:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
#define SPAM(a) printf a data/aegisub-3.2.2+dfsg/vendor/luabins/src/save.c:17:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SPAM(a) printf a data/aegisub-3.2.2+dfsg/vendor/luabins/src/savebuffer.c:15:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SPAM(a) printf a data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h:146:12: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. stream->setstate(std::ios::eofbit); [Reviewer note: the quoted call is the stream-state member `setstate(std::ios::eofbit)` invoked on a stream pointer, not the C library random-number setstate(); the hit is a name collision and involves no random values.] data/aegisub-3.2.2+dfsg/libaegisub/unix/path.cpp:28:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *env = getenv("HOME"); data/aegisub-3.2.2+dfsg/libaegisub/unix/path.cpp:31:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("USER")) || (env = getenv("LOGNAME"))) { data/aegisub-3.2.2+dfsg/libaegisub/unix/path.cpp:31:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((env = getenv("USER")) || (env = getenv("LOGNAME"))) { data/aegisub-3.2.2+dfsg/src/avisynth_wrap.cpp:55:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hLib = LoadLibrary(L"avisynth.dll"); data/aegisub-3.2.2+dfsg/src/crash_writer_minidump.cpp:64:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. auto module = LoadLibrary(L"dbghelp.dll"); [Reviewer note: both LoadLibrary hits pass a bare file name, so which file is loaded depends on the DLL search order. Building an absolute path before the call, or using LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32 for a DLL that is expected in the system directory, makes the load location explicit.] data/aegisub-3.2.2+dfsg/src/main.cpp:240:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(nullptr)); data/aegisub-3.2.2+dfsg/tests/support/main.cpp:35:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(nullptr)); [Reviewer note: srand(time(nullptr)) matters only if the resulting rand() values are used for something an attacker must not predict; the report does not show how they are used, so check the call sites before triaging.] data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_hd.cpp:48:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, file.read(start, count), count); data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_pcm.cpp:52:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(write_buf, file.read(ip.start_byte + read_offset * bps, bytes), bytes); data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_ram.cpp:84:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(charbuf, &blockcache[i][start_offset], read_size); data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:112:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bom[8]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuff[4]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char invalidRep[8]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:381:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/aegisub-3.2.2+dfsg/libaegisub/common/thesaurus.cpp:48:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). offsets[line.substr(0, pos)] = static_cast<size_t>(atoi(line.c_str() + pos + 1)); data/aegisub-3.2.2+dfsg/libaegisub/common/thesaurus.cpp:81:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int meanings = atoi(header[1].c_str()); data/aegisub-3.2.2+dfsg/libaegisub/common/util.cpp:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[65536]; data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/uuencode.h:41:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src[3] = { '\0', '\0', '\0' }; data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/uuencode.h:42:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src, &data[pos], std::min<size_t>(3u, size - pos)); data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/uuencode.h:44:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dst[4] = { data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/ass/uuencode.h:73:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src[4] = { '\0', '\0', '\0', '\0' }; data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/log.h:125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[2048]; data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newc, cap, captop * sizeof(Capture)); data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:399:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newstack, stack, n * sizeof(Stack)); data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:981:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define copypatt(p1,p2,sz) memcpy(p1, p2, (sz) * sizeof(Instruction)); data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:1805:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p[2].buff, ud, l); data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:2018:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(captype(open) == Cruntime); data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:2021:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
cs.ocap = ocap; cs.cap = open; cs.L = L; data/aegisub-3.2.2+dfsg/libaegisub/lua/modules/lpeg.c:2029:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return close - open; data/aegisub-3.2.2+dfsg/libaegisub/unix/fs.cpp:38:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(file.c_str(), O_CREAT | O_APPEND | O_WRONLY, 0644); data/aegisub-3.2.2+dfsg/libaegisub/windows/log_win.cpp:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[65536]; data/aegisub-3.2.2+dfsg/libaegisub/windows/path_win.cpp:33:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t path[MAX_PATH+1] = {0}; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst,src,len+1); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[IBSZ]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:157:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[128]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:235:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[21]; /* enough for 64 bit ints */ data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:556:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, mf->inbuf + mf->bufpos, nb); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:865:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void readLangCC(MatroskaFile *mf, uint64_t len, char lcc[4]) { data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(*dst,*src,l); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1501:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp,&t,sizeof(*tp)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1505:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp->CodecPrivate,cp,cplen); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1510:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp->CompMethodPrivate, cs, cslen); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1519:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp->Language, "eng", 4); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1568:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1620:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(AGET(mf,Cues),&cc,sizeof(cc)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1624:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1668:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pa,&a,sizeof(a)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1997:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:2074:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:2456:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:2603:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mf->jb,&jb,sizeof(jb)); data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:2902:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char m_seendf[MAX_TRACKS]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:3184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame_buffer[2048]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:3187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char decoded_buffer[2048]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:3192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[128]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:3278:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, cs->decoded_buffer + cs->decoded_ptr, todo); data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Language[4]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char UID[16]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char PrevUID[16]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char NextUID[16]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Language[4]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Country[4]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SegmentUID[16]; data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:247:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Language[4]; data/aegisub-3.2.2+dfsg/src/ass_file.cpp:121:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(GetScriptInfo(key).c_str()); data/aegisub-3.2.2+dfsg/src/ass_override.cpp:92:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(Get<std::string>().c_str()); data/aegisub-3.2.2+dfsg/src/audio_player_oss.cpp:153:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dspdev = ::open(device.utf8_str(), O_WRONLY, 0); data/aegisub-3.2.2+dfsg/src/audio_provider_avs.cpp:79:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * argnames[3] = { 0, "video", "audio" }; data/aegisub-3.2.2+dfsg/src/audio_provider_ffmpegsource.cpp:51:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mutable char FFMSErrMsg[1024]; ///< FFMS error message data/aegisub-3.2.2+dfsg/src/auto4_lua_dialog.cpp:253:76: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). void UnserialiseValue(const std::string &serialised) override { value = atoi(serialised.c_str()); } data/aegisub-3.2.2+dfsg/src/avisynth.h:571:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(this, src, sizeof(AVSValue)); data/aegisub-3.2.2+dfsg/src/crash_writer_minidump.cpp:38:1: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t crash_dump_path[MAX_PATH]; data/aegisub-3.2.2+dfsg/src/dialog_colorpicker.cpp:533:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rgb[3]; data/aegisub-3.2.2+dfsg/src/dialog_colorpicker.cpp:536:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slid + y * slider_width * 3 + x * 3, rgb, 3); data/aegisub-3.2.2+dfsg/src/dialog_colorpicker.cpp:889:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char colors[2][3]; data/aegisub-3.2.2+dfsg/src/dialog_version_check.cpp:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128] = { 0 }; data/aegisub-3.2.2+dfsg/src/dialog_version_check.cpp:328:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(parsed[1].c_str()) <= GetSVNRevision()) data/aegisub-3.2.2+dfsg/src/ffmpegsource_common.cpp:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FFMSErrMsg[1024]; data/aegisub-3.2.2+dfsg/src/font_file_lister.cpp:43:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/aegisub-3.2.2+dfsg/src/main.cpp:130:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8]; data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:72:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, self->file.read(pos, count), count); data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char err[2048]; data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[2048]; data/aegisub-3.2.2+dfsg/src/subs_edit_box.cpp:261:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int value = agi::util::mid(0, atoi(ctrl->GetValue().utf8_str()), 9999); [Triage note: the quoted line passes the atoi result through agi::util::mid(0, ..., 9999), which from its use here looks like a clamp to 0-9999 (confirm against its definition), so the value is bounded after conversion. atoi still reports no conversion error, and its behaviour is undefined when the text is outside the range of int; strtol with an errno and end-pointer check followed by an explicit range check covers that case.] data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpn[3]; ///< code page number data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dfc[8]; ///< disk format code data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cct[2]; ///< character code table number data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lc[2]; ///< language code data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt[32]; ///< original programme title data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oet[32]; ///< original episode title data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpt[32]; ///< translated programme title data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tet[32]; ///< translated episode title data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tn[32]; ///< translator name data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcd[32]; ///< translator contact details data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slr[16]; ///< subtitle list reference code data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cd[6]; ///< creation date data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rd[6]; ///< revision date data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rn[2]; ///< revision number data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tnb[5]; ///< total number of TTI blocks data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tns[5]; ///< total number of subtitles data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tng[3]; ///< total number of subtitle groups data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mnc[2]; ///< maximum number of displayable characters in a row data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mnr[2]; ///< maximum number of displayable rows data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcp[8]; ///< time code: start of programme data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcf[8]; ///< time code: first in-cue data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char co[3]; ///< country of origin data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pub[32]; ///< publisher data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char en[32]; ///< editor's name data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecd[32]; ///< editor's contact details data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[75]; data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uda[576]; ///< user defined area data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tf[112]; ///< text field data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:543:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(gsi.cpn, "850", 3); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:548:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.dfc, "STL24.01", 8); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:553:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.dfc, "STL30.01", 8); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:557:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.dfc, "STL25.01", 8); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:564:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.cct, "U8", 2); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:565:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.lc, "00", 2); [Triage note: in the subtitle_format_ebu3264.cpp memcpy hits at lines 543-565, each copy length is a literal equal to the length of the string literal being copied, and it matches the array size this report lists for the same-named field (cpn[3], dfc[8], cct[2], lc[2]), assuming gsi is an instance of that struct. These copies therefore fill the field exactly and write no terminating NUL, so the point to verify is that readers of these fields use the fixed widths rather than strlen or other NUL-terminated string functions.] data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:569:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:574:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(gsi.slr, buf, 16); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:576:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.cd, buf, 6); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:577:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.rd, buf, 6); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:578:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.rn, "00", 2); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:579:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.tng, "001", 3); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:581:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.mnr, "99", 2); data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:588:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsi.co, "NTZ", 3); // neutral zone! data/aegisub-3.2.2+dfsg/src/subtitles_provider_libass.cpp:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/aegisub-3.2.2+dfsg/src/utils.cpp:242:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/aegisub-3.2.2+dfsg/src/video_provider_avs.cpp:205:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argnames[2] = { 0, "matrix" }; data/aegisub-3.2.2+dfsg/src/video_provider_avs.cpp:229:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argnames[2] = { 0, "audio" }; data/aegisub-3.2.2+dfsg/src/video_provider_avs.cpp:299:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argnames[3] = { 0, "video", "audio" }; data/aegisub-3.2.2+dfsg/src/video_provider_ffmpegsource.cpp:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char FFMSErrMsg[1024]; ///< FFMS error message data/aegisub-3.2.2+dfsg/tests/tests/audio.cpp:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1024]; data/aegisub-3.2.2+dfsg/tests/tests/audio.cpp:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1024]; data/aegisub-3.2.2+dfsg/tests/tests/audio.cpp:339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[1000]; data/aegisub-3.2.2+dfsg/tests/tests/hotkey.cpp:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[sizeof(simple_valid)]; data/aegisub-3.2.2+dfsg/tests/tests/iconv.cpp:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[32]; data/aegisub-3.2.2+dfsg/tools/repack-thes-dict.cpp:64:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dat->seekg(atoi(chunks[1].c_str())); data/aegisub-3.2.2+dfsg/tools/repack-thes-dict.cpp:71:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int meanings = atoi(header[1].c_str()); data/aegisub-3.2.2+dfsg/vendor/luabins/src/load.c:100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, pos, len); data/aegisub-3.2.2+dfsg/vendor/luabins/src/savebuffer.c:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sb->buffer[sb->end], bytes, length); data/aegisub-3.2.2+dfsg/vendor/luabins/src/savebuffer.c:189:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sb->buffer[offset], bytes, length); data/aegisub-3.2.2+dfsg/vendor/luabins/test/test_fwrite_api.c:98:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). FILE * f = tmpfile(); data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsBig5Prober.h:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mLastChar[2]; data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCJPProber.h:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCKRProber.h:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsEUCTWProber.h:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsGB2312Prober.h:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/aegisub-3.2.2+dfsg/vendor/universalchardet/nsSJISProber.h:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/aegisub-3.2.2+dfsg/build/freetype2/ftsystem.cpp:54:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
file.read((char *)stream->base, stream->size); data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_hd.cpp:48:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(buf, file.read(start, count), count); data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_pcm.cpp:52:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(write_buf, file.read(ip.start_byte + read_offset * bps, bytes), bytes); data/aegisub-3.2.2+dfsg/libaegisub/audio/provider_pcm.cpp:72:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto data = file.read(file_pos, sizeof(T)); data/aegisub-3.2.2+dfsg/libaegisub/common/calltip_provider.cpp:191:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret.highlight_end = strlen(proto->args); data/aegisub-3.2.2+dfsg/libaegisub/common/calltip_provider.cpp:205:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret.highlight_end = strlen(proto->args) - 1; // -1 for close paren data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp:61:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto buf = fp.read(offset, read); data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp:61:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto buf = fp.read(offset, read); data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp:62:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
HandleData(buf, (PRUint32)read); data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp:63:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). offset += read; data/aegisub-3.2.2+dfsg/libaegisub/common/charset.cpp:67:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (size_t i = 0; i < read; ++i) { [Triage note: in the charset.cpp hits at 62:31, 63:15 and 67:29 the quoted lines use `read` as a value (`(PRUint32)read`, `offset += read`, `i < read`), not as a call, so the rule appears to have matched on the identifier name alone. Flawfinder's --falsepositive (-F) option drops hits where the function name is not followed by `(`, which separates such name matches from actual calls during triage.] data/aegisub-3.2.2+dfsg/libaegisub/common/charset_conv.cpp:418:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(str); data/aegisub-3.2.2+dfsg/libaegisub/common/file_mapping.cpp:131:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *read_file_mapping::read() { data/aegisub-3.2.2+dfsg/libaegisub/common/file_mapping.cpp:132:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(0, size()); data/aegisub-3.2.2+dfsg/libaegisub/common/file_mapping.cpp:135:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *read_file_mapping::read(int64_t offset, uint64_t length) { data/aegisub-3.2.2+dfsg/libaegisub/common/file_mapping.cpp:165:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *temp_file_mapping::read(int64_t offset, uint64_t length) { data/aegisub-3.2.2+dfsg/libaegisub/common/karaoke_matcher.cpp:117:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
src = src.substr(strlen(kp.romaji)); data/aegisub-3.2.2+dfsg/libaegisub/common/path.cpp:51:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp(str, tokens[idx], strlen(tokens[idx])) == 0 ? idx : -1; data/aegisub-3.2.2+dfsg/libaegisub/common/path.cpp:67:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (paths[idx]/path.substr(strlen(tokens[idx]))).make_preferred(); data/aegisub-3.2.2+dfsg/libaegisub/common/path.cpp:132:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int idx = find_token(token_name, strlen(token_name)); data/aegisub-3.2.2+dfsg/libaegisub/common/thesaurus.cpp:35:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). boost::interprocess::ibufferstream idx(idx_file.read(), static_cast<size_t>(idx_file.size())); data/aegisub-3.2.2+dfsg/libaegisub/common/thesaurus.cpp:63:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). auto buff = dat->read(it->second, len); data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/file_mapping.h:46:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *read(int64_t offset, uint64_t length); data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/file_mapping.h:47:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  const char *read(); // Map the entire file
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/file_mapping.h:63:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const char *read(int64_t offset, uint64_t length);
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h:142:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read < (std::streamsize)width) {
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h:143:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (int i = 0; i < read; i++) {
data/aegisub-3.2.2+dfsg/libaegisub/include/libaegisub/line_iterator.h:151:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (int i = 0; i < read; i++) {
data/aegisub-3.2.2+dfsg/libaegisub/lua/script_reader.cpp:38:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto buff = file.read();
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:94:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(src);
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:524:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rd = mf->cache->read(mf->cache, mf->bufbase, mf->inbuf, IBSZ);
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:565:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nb = mf->cache->read(mf->cache, mf->bufbase, cp, len);
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1250:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(*src)+1;
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1493:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cpadd += strlen(t.Name)+1;
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:1495:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cpadd += strlen(t.CodecID)+1;
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:2244:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  mf->cache->read(mf->cache,v,NULL,0); // touch page
data/aegisub-3.2.2+dfsg/src/MatroskaParser.c:3294:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (cs->mf->cache->read(cs->mf->cache, cs->frame_pos, cs->frame_buffer, todo) != (int)todo) {
data/aegisub-3.2.2+dfsg/src/MatroskaParser.h:74:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read)(struct InputStream *cc,uint64_t pos,void *buffer,int count);
data/aegisub-3.2.2+dfsg/src/ass_attachment.cpp:50:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto buff = file.read();
data/aegisub-3.2.2+dfsg/src/ass_parser.cpp:89:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->Properties.automation_settings[key.substr(strlen("Automation Settings"))] = value;
data/aegisub-3.2.2+dfsg/src/auto4_base.cpp:89:3: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(lf.lfFaceName, agi::charset::ConvertW(style->font).c_str(), 31);
  [Reviewer note: with a count of 31, wcsncpy writes no terminator when the converted font name is 31 or more wide characters. Assuming lf is a Win32 LOGFONTW (32-element lfFaceName), the copy is only safe if the structure was zeroed beforehand or the last element is set explicitly; neither is visible in this report, so confirm in source.]
data/aegisub-3.2.2+dfsg/src/gl_text.cpp:150:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alpha[write] = *read;
data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:72:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  memcpy(buffer, self->file.read(pos, count), count);
data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:87:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = *self->file.read(i, 1);
data/aegisub-3.2.2+dfsg/src/mkv_wrap.cpp:128:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const auto readBuf = input->file.read(filePos, frameSize);
data/aegisub-3.2.2+dfsg/src/subtitle_format_ebu3264.cpp:591:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(gsi.uda, "This file was exported by Aegisub using non-standard UTF-8 encoding for the subtitle blocks. The TTI.TF field contains UTF-8-encoded text interspersed with the standard formatting codes, which are not encoded. GSI.CCT is set to 'U8' to signify this.", sizeof(gsi.uda));
data/aegisub-3.2.2+dfsg/src/subtitles_provider.cpp:74:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer.insert(buffer.end(), str, str + strlen(str));
data/aegisub-3.2.2+dfsg/src/text_file_reader.cpp:28:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  , stream(agi::make_unique<boost::interprocess::ibufferstream>(file->read(), file->size()))
data/aegisub-3.2.2+dfsg/src/video_provider_yuv4mpeg.cpp:207:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (strncmp("YUV4MPEG2 ", file.read(0, 10), 10))
data/aegisub-3.2.2+dfsg/src/video_provider_yuv4mpeg.cpp:220:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto buff = file.read(pos, len);
data/aegisub-3.2.2+dfsg/src/video_provider_yuv4mpeg.cpp:408:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto src_y = reinterpret_cast<const unsigned char *>(file.read(seek_table[n], luma_sz + chroma_sz * 2));
data/aegisub-3.2.2+dfsg/tests/tests/audio.cpp:341:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { bfs::ifstream s(path); s.read(file, sizeof file); }
data/aegisub-3.2.2+dfsg/tests/tests/hotkey.cpp:216:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp.read(buff, sizeof(buff));

ANALYSIS SUMMARY:

Hits = 236
Lines analyzed = 112793 in approximately 2.89 seconds (38996 lines/second)
Physical Source Lines of Code (SLOC) = 76973
Hits@level = [0] 72 [1] 53 [2] 147 [3] 8 [4] 28 [5] 0
Hits@level+ = [0+] 308 [1+] 236 [2+] 183 [3+] 36 [4+] 28 [5+] 0
Hits/KSLOC@level+ = [0+] 4.0014 [1+] 3.06601 [2+] 2.37746 [3+] 0.467696 [4+] 0.363764 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
[Reviewer note: Flawfinder matches identifier names lexically, so many of the level-1 `read` hits above are not calls to POSIX read() at all: file_mapping.cpp:131 is the definition of the member function read_file_mapping::read, and line_iterator.h:142 and gl_text.cpp:150 evidently use `read` as a variable. Flawfinder's --falsepositive option drops names not followed by '(', which removes the variable uses but not the member-function hits. The `read` hits that feed a length into a copy deserve a look in source; for example, at mkv_wrap.cpp:72 the same `count` sizes both the mapped read and the memcpy, so what matters is how `count` and the mapping's length are bounded, which this report does not show.]
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.