Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bplay-0.991/shmbuf.c
Examining data/bplay-0.991/bplay.c
Examining data/bplay-0.991/fmtheaders.h
Examining data/bplay-0.991/sndfunc.c

FINAL RESULTS:

data/bplay-0.991/bplay.c:145:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or limit
  the size of all string inputs.
  while ((optc = getopt(argc, argv, "Ss:b:t:T:j:J:rvwd:B:D:q")) != -1)
data/bplay-0.991/bplay.c:87:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playraw(int thefd, char hd_buf[20], int speed, int bits, int stereo,
data/bplay-0.991/bplay.c:89:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playwav(int thefd, char hd_buf[20], int mods, int speed, int bits,
data/bplay-0.991/bplay.c:91:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playvoc(int thefd, char hd_buf[20]);
data/bplay-0.991/bplay.c:103:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern void diskread(int outfd, long long int bcount, char hd_buf[20], int terminate,
data/bplay-0.991/bplay.c:150:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  speed = atoi(optarg);
data/bplay-0.991/bplay.c:156:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  bits = atoi(optarg);
data/bplay-0.991/bplay.c:166:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timelim = atoi(optarg);
data/bplay-0.991/bplay.c:169:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  samplim = atoi(optarg);
data/bplay-0.991/bplay.c:172:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timejmp = atoi(optarg);
data/bplay-0.991/bplay.c:175:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  sampjmp = atoi(optarg);
data/bplay-0.991/bplay.c:193:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  bigbuffsize = atoi(optarg);
data/bplay-0.991/bplay.c:196:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  debug = atoi(optarg);
data/bplay-0.991/bplay.c:237:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((thefd = open(argv[optind], O_CREAT | O_TRUNC | O_WRONLY | O_LARGEFILE,
data/bplay-0.991/bplay.c:242:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((thefd = open(argv[optind], O_RDONLY | O_LARGEFILE)) == -1)
data/bplay-0.991/bplay.c:294:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(header.main_chunk), riff, 4);
data/bplay-0.991/bplay.c:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(header.chunk_type), wave, 4);
data/bplay-0.991/bplay.c:304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(header.sub_chunk), fmt, 4);
data/bplay-0.991/bplay.c:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(header.data_chunk), data, 4);
data/bplay-0.991/bplay.c:379:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hd_buf[20]; /* Holds first 20 bytes */
data/bplay-0.991/bplay.c:467:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playraw(int thefd, char hd_buf[20], int speed, int bits, int stereo, int jump, int secs)
data/bplay-0.991/bplay.c:480:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playwav(int thefd, char hd_buf[20], int mods, int speed, int bits, int stereo, int jump, int secs)
data/bplay-0.991/bplay.c:485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)&wavhd, (void*)hd_buf, 20);
data/bplay-0.991/bplay.c:520:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void playvoc(int thefd, char hd_buf[20])
data/bplay-0.991/bplay.c:532:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)&vochd, (void*)hd_buf, 20);
data/bplay-0.991/bplay.c:661:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junkbuf[BUFSIZ];
data/bplay-0.991/shmbuf.c:310:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  void diskread(int infd, long long int totalplay, char hd_buf[20],
data/bplay-0.991/shmbuf.c:358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmppt, hd_buf, 20);
data/bplay-0.991/sndfunc.c:39:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  audio = open(audev, (recorder)? O_RDONLY : O_WRONLY);
data/bplay-0.991/bplay.c:235:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  themask = umask(0);
data/bplay-0.991/bplay.c:236:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(themask);
data/bplay-0.991/bplay.c:381:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  count = read(thefd, hd_buf, 20);
data/bplay-0.991/bplay.c:486:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  count = read(thefd, ((char*)&wavhd)+20, sizeof(wavhd) - 20);
data/bplay-0.991/bplay.c:533:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  count = read(thefd, ((char*)&vochd)+20, sizeof(vochd) - 20);
data/bplay-0.991/bplay.c:551:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(thefd, junk, off);
data/bplay-0.991/bplay.c:555:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if ((read(thefd, (char*)&ccblock, sizeof(ccblock))) == -1)
data/bplay-0.991/bplay.c:572:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(thefd, (char*)&tblock, sizeof(tblock));
data/bplay-0.991/bplay.c:588:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(thefd, (char*)&tblock, sizeof(tblock));
data/bplay-0.991/bplay.c:603:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(thefd, (char*)&tblock, sizeof(tblock));
data/bplay-0.991/bplay.c:627:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(thefd, (char*)&loop_times, 2);
data/bplay-0.991/bplay.c:669:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  count = read(thefd, junkbuf, trgt);
data/bplay-0.991/shmbuf.c:283:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ((count = read(audio, tmpptr, trgt - numrd)) > 0) )
data/bplay-0.991/shmbuf.c:364:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ((count = read(infd, tmppt, trgt - numread)) != 0) )

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 1374 in approximately 0.33 seconds (4203 lines/second)
Physical Source Lines of Code (SLOC) = 1078
Hits@level = [0]  41 [1]  14 [2]  28 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  84 [1+]  43 [2+]  29 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 77.9221 [1+] 39.8887 [2+] 26.9017 [3+] 0.927644 [4+]   0 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.