Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chromaprint-1.5.0/src/audio/audio_slicer.h
Examining data/chromaprint-1.5.0/src/audio/audio_slicer_test.cpp
Examining data/chromaprint-1.5.0/src/audio/ffmpeg_audio_processor.h
Examining data/chromaprint-1.5.0/src/audio/ffmpeg_audio_processor_avresample.h
Examining data/chromaprint-1.5.0/src/audio/ffmpeg_audio_processor_swresample.h
Examining data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h
Examining data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader_test.cpp
Examining data/chromaprint-1.5.0/src/audio_consumer.h
Examining data/chromaprint-1.5.0/src/audio_processor.cpp
Examining data/chromaprint-1.5.0/src/audio_processor.h
Examining data/chromaprint-1.5.0/src/avresample/avcodec.h
Examining data/chromaprint-1.5.0/src/avresample/dsputil.h
Examining data/chromaprint-1.5.0/src/avresample/resample2.c
Examining data/chromaprint-1.5.0/src/chroma.cpp
Examining data/chromaprint-1.5.0/src/chroma.h
Examining data/chromaprint-1.5.0/src/chroma_filter.cpp
Examining data/chromaprint-1.5.0/src/chroma_filter.h
Examining data/chromaprint-1.5.0/src/chroma_normalizer.h
Examining data/chromaprint-1.5.0/src/chroma_resampler.cpp
Examining data/chromaprint-1.5.0/src/chroma_resampler.h
Examining data/chromaprint-1.5.0/src/chromaprint.cpp
Examining data/chromaprint-1.5.0/src/chromaprint.h
Examining data/chromaprint-1.5.0/src/classifier.h
Examining data/chromaprint-1.5.0/src/cmd/fpcalc.cpp
Examining data/chromaprint-1.5.0/src/debug.h
Examining data/chromaprint-1.5.0/src/feature_vector_consumer.h
Examining data/chromaprint-1.5.0/src/fft.cpp
Examining data/chromaprint-1.5.0/src/fft.h
Examining data/chromaprint-1.5.0/src/fft_frame.h
Examining data/chromaprint-1.5.0/src/fft_frame_consumer.h
Examining data/chromaprint-1.5.0/src/fft_lib.h
Examining data/chromaprint-1.5.0/src/fft_lib_avfft.cpp
Examining data/chromaprint-1.5.0/src/fft_lib_avfft.h
Examining data/chromaprint-1.5.0/src/fft_lib_fftw3.cpp
Examining data/chromaprint-1.5.0/src/fft_lib_fftw3.h
Examining data/chromaprint-1.5.0/src/fft_lib_kissfft.cpp
Examining data/chromaprint-1.5.0/src/fft_lib_kissfft.h
Examining data/chromaprint-1.5.0/src/fft_lib_vdsp.cpp
Examining data/chromaprint-1.5.0/src/fft_lib_vdsp.h
Examining data/chromaprint-1.5.0/src/fft_test.cpp
Examining data/chromaprint-1.5.0/src/filter.h
Examining data/chromaprint-1.5.0/src/filter_utils.h
Examining data/chromaprint-1.5.0/src/fingerprint_calculator.cpp
Examining data/chromaprint-1.5.0/src/fingerprint_calculator.h
Examining data/chromaprint-1.5.0/src/fingerprint_compressor.cpp
Examining data/chromaprint-1.5.0/src/fingerprint_compressor.h
Examining data/chromaprint-1.5.0/src/fingerprint_decompressor.cpp
Examining data/chromaprint-1.5.0/src/fingerprint_decompressor.h
Examining data/chromaprint-1.5.0/src/fingerprint_matcher.cpp
Examining data/chromaprint-1.5.0/src/fingerprint_matcher.h
Examining data/chromaprint-1.5.0/src/fingerprinter.cpp
Examining data/chromaprint-1.5.0/src/fingerprinter.h
Examining data/chromaprint-1.5.0/src/fingerprinter_configuration.cpp
Examining data/chromaprint-1.5.0/src/fingerprinter_configuration.h
Examining data/chromaprint-1.5.0/src/image.h
Examining data/chromaprint-1.5.0/src/image_builder.cpp
Examining data/chromaprint-1.5.0/src/image_builder.h
Examining data/chromaprint-1.5.0/src/moving_average.h
Examining data/chromaprint-1.5.0/src/quantizer.h
Examining data/chromaprint-1.5.0/src/silence_remover.cpp
Examining data/chromaprint-1.5.0/src/silence_remover.h
Examining data/chromaprint-1.5.0/src/simhash.cpp
Examining data/chromaprint-1.5.0/src/simhash.h
Examining data/chromaprint-1.5.0/src/spectrum.cpp
Examining data/chromaprint-1.5.0/src/spectrum.h
Examining data/chromaprint-1.5.0/src/utils.h
Examining data/chromaprint-1.5.0/src/utils/base64.cpp
Examining data/chromaprint-1.5.0/src/utils/base64.h
Examining data/chromaprint-1.5.0/src/utils/base64_test.cpp
Examining data/chromaprint-1.5.0/src/utils/gaussian_filter.h
Examining data/chromaprint-1.5.0/src/utils/gradient.h
Examining data/chromaprint-1.5.0/src/utils/pack_int3_array.h
Examining data/chromaprint-1.5.0/src/utils/pack_int5_array.h
Examining data/chromaprint-1.5.0/src/utils/rolling_integral_image.h
Examining data/chromaprint-1.5.0/src/utils/rolling_integral_image_test.cpp
Examining data/chromaprint-1.5.0/src/utils/scope_exit.h
Examining data/chromaprint-1.5.0/src/utils/unpack_int3_array.h
Examining data/chromaprint-1.5.0/src/utils/unpack_int5_array.h
Examining data/chromaprint-1.5.0/tests/audio_buffer.h
Examining data/chromaprint-1.5.0/tests/main.cpp
Examining data/chromaprint-1.5.0/tests/test_api.cpp
Examining data/chromaprint-1.5.0/tests/test_audio_processor.cpp
Examining data/chromaprint-1.5.0/tests/test_chroma.cpp
Examining data/chromaprint-1.5.0/tests/test_chroma_filter.cpp
Examining data/chromaprint-1.5.0/tests/test_chroma_resampler.cpp
Examining data/chromaprint-1.5.0/tests/test_chromaprint.cpp
Examining data/chromaprint-1.5.0/tests/test_filter.cpp
Examining data/chromaprint-1.5.0/tests/test_filter_utils.cpp
Examining data/chromaprint-1.5.0/tests/test_fingerprint_compressor.cpp
Examining data/chromaprint-1.5.0/tests/test_fingerprint_decompressor.cpp
Examining data/chromaprint-1.5.0/tests/test_fingerprint_matcher.cpp
Examining data/chromaprint-1.5.0/tests/test_moving_average.cpp
Examining data/chromaprint-1.5.0/tests/test_quantizer.cpp
Examining data/chromaprint-1.5.0/tests/test_silence_remover.cpp
Examining data/chromaprint-1.5.0/tests/test_simhash.cpp
Examining data/chromaprint-1.5.0/tests/test_utils.cpp
Examining data/chromaprint-1.5.0/tests/test_utils.h
Examining data/chromaprint-1.5.0/tests/test_utils_gaussian_filter.cpp
Examining data/chromaprint-1.5.0/tests/test_utils_gradient.cpp
Examining data/chromaprint-1.5.0/vendor/kissfft/_kiss_fft_guts.h
Examining data/chromaprint-1.5.0/vendor/kissfft/kiss_fft.c
Examining data/chromaprint-1.5.0/vendor/kissfft/kiss_fft.h
Examining data/chromaprint-1.5.0/vendor/kissfft/test/benchfftw.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/benchkiss.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/doit.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/pstats.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/pstats.h
Examining data/chromaprint-1.5.0/vendor/kissfft/test/test_real.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/test_vs_dft.c
Examining data/chromaprint-1.5.0/vendor/kissfft/test/testcpp.cc
Examining data/chromaprint-1.5.0/vendor/kissfft/test/twotonetest.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/fftutil.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kfc.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kfc.h
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftnd.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftnd.h
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftndr.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftndr.h
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftr.c
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftr.h
Examining data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c

FINAL RESULTS:

data/chromaprint-1.5.0/src/cmd/fpcalc.cpp:137:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fprintf(stdout, g_help, argv[0]);
data/chromaprint-1.5.0/vendor/kissfft/test/doit.c:52:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fprintf(stderr,\
data/chromaprint-1.5.0/vendor/kissfft/test/pstats.c:39:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78).
  try using a library call that implements the same functionality if
  available.
if (system( buf )==-1) {
data/chromaprint-1.5.0/vendor/kissfft/test/benchfftw.c:49:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int c = getopt (argc, argv, "n:ix:h");
data/chromaprint-1.5.0/vendor/kissfft/test/benchkiss.c:39:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int c = getopt (argc, argv, "n:ix:r");
data/chromaprint-1.5.0/vendor/kissfft/test/test_real.c:86:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
srand(time(0));
data/chromaprint-1.5.0/vendor/kissfft/tools/fftutil.c:162:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int c=getopt(argc,argv,"n:iR");
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:401:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int c=getopt(argc,argv,"n:h:i:o:vd");
data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c:39:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int c = getopt (argc, argv, "n:r:as");
data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[64];
data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h:140:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sample_rate);
data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h:145:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[64];
data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h:146:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", channels);
data/chromaprint-1.5.0/src/audio/ffmpeg_audio_reader.h:362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[AV_ERROR_MAX_STRING_SIZE];
data/chromaprint-1.5.0/src/avresample/resample2.c:207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&c->filter_bank[c->filter_length*phase_count+1], c->filter_bank, (c->filter_length-1)*sizeof(FELEM));
data/chromaprint-1.5.0/src/cmd/fpcalc.cpp:68:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
auto value = atoi(argv[i + 1]);
data/chromaprint-1.5.0/src/cmd/fpcalc.cpp:77:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
auto value = atoi(argv[i + 1]);
data/chromaprint-1.5.0/src/cmd/fpcalc.cpp:104:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
auto value = atoi(argv[i + 1]);
data/chromaprint-1.5.0/src/utils/base64.h:11:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char kBase64Chars[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
data/chromaprint-1.5.0/src/utils/base64.h:12:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char kBase64CharsReversed[256] = {
data/chromaprint-1.5.0/vendor/kissfft/kiss_fft.c:378:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/chromaprint-1.5.0/vendor/kissfft/test/benchfftw.c:54:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
nfft = atoi (optarg);
data/chromaprint-1.5.0/vendor/kissfft/test/benchfftw.c:57:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
numffts = atoi (optarg);
data/chromaprint-1.5.0/vendor/kissfft/test/benchkiss.c:18:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
dims[ndims++] = atoi(s);
data/chromaprint-1.5.0/vendor/kissfft/test/benchkiss.c:54:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
numffts = atoi (optarg);
data/chromaprint-1.5.0/vendor/kissfft/test/pstats.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[1024];
data/chromaprint-1.5.0/vendor/kissfft/test/pstats.c:35:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"ps -o command,majflt,minflt,rss,pagein,vsz -p %d 1>&2",getpid() );
data/chromaprint-1.5.0/vendor/kissfft/test/pstats.c:37:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"ps -o comm,majflt,minflt,rss,drs,pagein,sz,trs,vsz %d 1>&2",getpid() );
data/chromaprint-1.5.0/vendor/kissfft/test/test_real.c:74:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
nfft = atoi(argv[1]);
data/chromaprint-1.5.0/vendor/kissfft/test/test_vs_dft.c:66:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
test1d(atoi(argv[k]),0);
data/chromaprint-1.5.0/vendor/kissfft/test/test_vs_dft.c:67:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had
  no minus sign (large numbers can roll over into negative number; consider
  saving to an unsigned value if that is intended).
test1d(atoi(argv[k]),1);
data/chromaprint-1.5.0/vendor/kissfft/test/testcpp.cc:64:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
int nfft = atoi(argv[k]);
data/chromaprint-1.5.0/vendor/kissfft/test/twotonetest.c:70:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
if (argc>1) nfft = atoi(argv[1]);
data/chromaprint-1.5.0/vendor/kissfft/tools/fftutil.c:144:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
dims[ndims++] = atoi(arg);
data/chromaprint-1.5.0/vendor/kissfft/tools/fftutil.c:182:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fin = fopen(argv[optind],"rb");
data/chromaprint-1.5.0/vendor/kissfft/tools/fftutil.c:188:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fout = fopen(argv[optind],"wb");
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:220:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(st->tmpbuf,inbuf,sizeof(kffsamp_t)*n );
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:224:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(outbuf,st->tmpbuf,sizeof(kffsamp_t)*( st->ngood - zpad ));
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:242:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy( inbuf , inbuf+nwritten , *offset * sizeof(kffsamp_t) );
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:408:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
nfft=atoi(optarg);
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:411:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fin = fopen(optarg,"rb");
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:418:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fout = fopen(optarg,"w+b");
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fastfir.c:425:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
filtfile = fopen(optarg,"rb");
data/chromaprint-1.5.0/vendor/kissfft/tools/kiss_fftnd.c:171:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy( st->tmpbuf, fin, sizeof(kiss_fft_cpx) * st->dimprod );
data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c:43:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
case 'n': nfft=(int)atoi(optarg);break;
data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c:44:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
case 'r': navg=(int)atoi(optarg);break;
data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c:63:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fin = fopen(argv[optind],"rb");
data/chromaprint-1.5.0/vendor/kissfft/tools/psdpng.c:69:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
fout = fopen(argv[optind],"wb");
data/chromaprint-1.5.0/src/cmd/fpcalc.cpp:140:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto len = strlen(argv[i]);
data/chromaprint-1.5.0/tests/test_api.cpp:59:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_EQ(18, strlen(fp));
data/chromaprint-1.5.0/tests/test_api.cpp:157:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
chromaprint_decode_fingerprint(encoded, strlen(encoded), &fp, &length, &algorithm, 1);
data/chromaprint-1.5.0/tests/test_api.cpp:167:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto ret = chromaprint_decode_fingerprint(encoded, strlen(encoded), &fp, &length, &algorithm, 1);
data/chromaprint-1.5.0/tests/test_api.cpp:180:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto ret = chromaprint_decode_fingerprint(encoded, strlen(encoded), &fp, &length, &algorithm, 1);
data/chromaprint-1.5.0/tests/test_api.cpp:193:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto ret = chromaprint_decode_fingerprint(encoded, strlen(encoded), &fp, &length, &algorithm, 1);
data/chromaprint-1.5.0/tests/test_utils.h:37:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
file.read((char *) buf, 4096);

ANALYSIS SUMMARY:

Hits = 55
Lines analyzed = 11092 in approximately 0.40 seconds (27470 lines/second)
Physical Source Lines of Code (SLOC) = 8311
Hits@level = [0]  82 [1]   7 [2]  39 [3]   6 [4]   3 [5]   0
Hits@level+ = [0+] 137 [1+]  55 [2+]  48 [3+]   9 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 16.4842 [1+] 6.61774 [2+] 5.77548 [3+] 1.0829 [4+] 0.360967 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
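Added example, not part of the flawfinder output above and not code from chromaprint or kissfft: the hit that recurs most in this report is an unchecked atoi() on argv or optarg (fpcalc.cpp:68, :77 and :104, plus the kissfft test and tools programs). atoi() cannot distinguish "0" from unparseable input, silently accepts trailing junk such as "48000abc", and has undefined behaviour when the value does not fit in an int, which is what the CWE-190 note is warning about. The C++ below shows the range-checked replacement the report recommends, built on strtol with both a minimum and a maximum; the function names and the sample strings in the comments are this example's own.

```cpp
// Added example (not from the flawfinder report or the chromaprint/kissfft
// sources): a bounds-checked replacement for the flagged
// `atoi(argv[i + 1])` / `atoi(optarg)` calls (CWE-190).
// Function names and sample inputs are this example's own.
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>

// Parse a decimal integer from a command-line argument and require it to lie
// in [lo, hi]. Returns true and writes *out only on a full, in-range parse.
// Rejected (unlike atoi): NULL/empty input, nothing parseable ("abc"),
// trailing junk ("48000abc"), overflow of long (errno == ERANGE), and any
// value outside the caller's contract.
bool parse_int_in_range(const char *text, long lo, long hi, long *out) {
    if (text == nullptr || *text == '\0' || out == nullptr) return false;
    errno = 0;
    char *end = nullptr;
    long value = std::strtol(text, &end, 10);
    if (errno == ERANGE) return false;             // overflowed long
    if (end == text || *end != '\0') return false;  // nothing parsed, or junk after the digits
    if (value < lo || value > hi) return false;     // outside [lo, hi]
    *out = value;
    return true;
}

// Convenience form for the common "positive int" parameters these programs
// read from argv (a sample rate, an FFT length, an iteration count).
bool parse_positive_int(const char *text, int *out) {
    long v;
    if (!parse_int_in_range(text, 1, INT_MAX, &v)) return false;
    *out = static_cast<int>(v);
    return true;
}

// Returns the parsed value or `fallback` when the input is rejected; handy
// for demos and tests where a sentinel is simpler than an out-parameter.
long parse_or(const char *text, long lo, long hi, long fallback) {
    long v;
    return parse_int_in_range(text, lo, hi, &v) ? v : fallback;
}

// The flagged pattern, kept for side-by-side comparison: atoi() turns
// "48000abc" into 48000 and "abc" into 0, indistinguishable from "0".
int unchecked_atoi(const char *text) { return std::atoi(text); }

int main(int argc, char **argv) {
    // Stand-alone demo: treat each argv entry as a positive-int option value,
    // the way fpcalc's option loop does, but reject anything out of contract.
    for (int i = 1; i < argc; ++i) {
        int n;
        if (parse_positive_int(argv[i], &n))
            std::printf("%s -> %d\n", argv[i], n);
        else
            std::printf("%s -> rejected (atoi would have returned %d)\n",
                        argv[i], unchecked_atoi(argv[i]));
    }
    return 0;
}
```

Pick lo and hi per parameter rather than only checking the sign: a sample rate and an FFT length have different sane upper bounds, and the report's remark about large positive inputs rolling over into negative numbers is exactly what the hi bound closes off.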