Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chuck-1.2.0.8.dfsg/src/chuck_absyn.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_absyn.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_bbq.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_bbq.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_compile.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_console.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_console.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_def.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_dl.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_emit.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_frame.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_frame.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_globals.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_globals.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_instr.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_lang.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_oo.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_otf.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_parse.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_scan.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_scan.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_shell.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_stats.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_stats.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_symbol.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_symbol.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_table.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_table.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_type.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_type.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_ugen.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_ugen.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_utils.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_utils.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_vm.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_win32.c
Examining data/chuck-1.2.0.8.dfsg/src/chuck_win32.h
Examining data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp
Examining data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.h
Examining data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp
Examining data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h
Examining data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp
Examining data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h
Examining data/chuck-1.2.0.8.dfsg/src/rtaudio.h
Examining data/chuck-1.2.0.8.dfsg/src/rterror.h
Examining data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp
Examining data/chuck-1.2.0.8.dfsg/src/rtmidi.h
Examining data/chuck-1.2.0.8.dfsg/src/ugen_filter.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ugen_filter.h
Examining data/chuck-1.2.0.8.dfsg/src/ugen_osc.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ugen_osc.h
Examining data/chuck-1.2.0.8.dfsg/src/ugen_stk.h
Examining data/chuck-1.2.0.8.dfsg/src/ugen_xxx.h
Examining data/chuck-1.2.0.8.dfsg/src/ulib_machine.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ulib_machine.h
Examining data/chuck-1.2.0.8.dfsg/src/ulib_math.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ulib_math.h
Examining data/chuck-1.2.0.8.dfsg/src/ulib_std.h
Examining data/chuck-1.2.0.8.dfsg/src/util_buffers.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_buffers.h
Examining data/chuck-1.2.0.8.dfsg/src/util_console.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_console.h
Examining data/chuck-1.2.0.8.dfsg/src/util_hid.h
Examining data/chuck-1.2.0.8.dfsg/src/util_math.c
Examining data/chuck-1.2.0.8.dfsg/src/util_math.h
Examining data/chuck-1.2.0.8.dfsg/src/util_network.c
Examining data/chuck-1.2.0.8.dfsg/src/util_network.h
Examining data/chuck-1.2.0.8.dfsg/src/util_raw.c
Examining data/chuck-1.2.0.8.dfsg/src/util_raw.h
Examining data/chuck-1.2.0.8.dfsg/src/util_sndfile.c
Examining data/chuck-1.2.0.8.dfsg/src/util_sndfile.h
Examining data/chuck-1.2.0.8.dfsg/src/util_string.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_thread.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_thread.h
Examining data/chuck-1.2.0.8.dfsg/src/util_xforms.c
Examining data/chuck-1.2.0.8.dfsg/src/util_xforms.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_compile.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_emit.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp
Examining data/chuck-1.2.0.8.dfsg/src/chuck_oo.h
Examining data/chuck-1.2.0.8.dfsg/src/chuck_vm.h
Examining data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ugen_xxx.cpp
Examining data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_hid.cpp
Examining data/chuck-1.2.0.8.dfsg/src/util_string.h
FINAL RESULTS:
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:553:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
i = readlink(DAC_NAME, device_name, sizeof(device_name));
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:803:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT(format) fprintf(stderr,(format));fflush(stderr)
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:804:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT1(format,arg1) fprintf(stderr,(format),(arg1));\
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:806:40: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT2(format,arg1,arg2) fprintf(stderr,(format),\
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:808:45: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT3(format,arg1,arg2,arg3) fprintf(stderr,(format),\
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( g_lasterror, "[%s]:", *fileName ? mini(fileName) : "chuck" );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:137:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:142:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, message, ap);
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:143:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( g_buffer, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:147:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( g_lasterror, "[%s]:", *fileName ? mini(fileName) : "chuck" );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:162:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:168:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( stderr, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:169:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( g_buffer, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:172:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:184:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( g_lasterror, "[%s]:", *fileName ? mini(fileName) : "chuck" );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:189:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:195:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( stderr, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:196:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( g_buffer, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:199:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:214:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( stderr, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:215:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( g_buffer, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:218:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( g_lasterror, g_buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:244:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf( stderr, message, ap );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2277:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buffer, "%s", this->type->c_name() );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2945:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( m_param_str, str );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2955:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( m_param_str, buffer );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:3069:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( m_param_str, str );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:4146:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buffer, "(%s)", m_type_ref->c_name() );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:394:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( g_host, argv[i]+8 );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:396:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( g_host, argv[i]+1 );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:167:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( msg->buffer, filename.c_str() );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:258:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( msg.buffer, fname );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:261:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buf, filename.c_str() );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:639:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (char *)ret.buffer, EM_lasterror() );
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:125:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( g_filename, fname );
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:130:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if( !fd ) strcpy( g_filename, fname );
data/chuck-1.2.0.8.dfsg/src/chuck_symbol.cpp:48:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, (c_str)name); s->next=next;
data/chuck-1.2.0.8.dfsg/src/chuck_type.h:619:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
t_CKUINT access;
data/chuck-1.2.0.8.dfsg/src/chuck_utils.cpp:63:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( p, s );
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:1191:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:3391:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( s, str );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"(via rtaudio): no devices found for given stream parameters: \n%s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:409:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"(via rtaudio): unable to open specified device(s) with given stream parameters: \n%s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:566:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: cannot read value of symbolic link %s.", DAC_NAME);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:572:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: cannot stat %s.", DAC_NAME);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:588:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(device_name, "%s", DAC_NAME);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:592:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(device_name, "%s%d", DAC_NAME, i);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:606:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS record device (%s) is busy.", device_name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:613:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS playback device (%s) is busy.", device_name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:639:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS playback device (%s) is busy and cannot be probed.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:642:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS playback device (%s) open error.", info->name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:681:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS capture device (%s) is busy and cannot be probed.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:684:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: OSS capture device (%s) open error.", info->name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:715:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) reports zero channels for input and output.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:773:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) won't reopen during probe.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:784:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) won't revert to previous channel setting.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:792:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) can't get supported audio formats.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:831:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:841:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) error setting data format.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:857:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: no supported sample rates found for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:888:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: input/output channels must be equal for OSS duplex device (%s).", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:899:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) is busy and cannot be opened.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:902:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) cannot be opened.", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:918:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) cannot be opened.", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:926:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) can't get supported audio formats.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1029:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: device (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1069:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error setting fragment size for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1079:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error setting data format for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1088:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error setting %d channels on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1098:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error setting sample rate = %d on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1106:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error ... audio device (%s) doesn't support sample rate of %d.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error getting buffer size for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1163:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1189:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1345:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error stopping device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1354:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: error stopping device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1453:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: audio write error for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1478:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiOss: audio read error for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1817:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting output channels for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1859:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting input channels for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1904:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: No supported sample rates found for OS-X device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1975:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X device (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2097:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting channels for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2105:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: unable to find OS-X audio stream on device (%s) for requested channels (%d).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting buffer size range for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2140:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error setting the buffer size for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error setting buffer size for duplex stream on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2170:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting stream format for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2183:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error setting sample rate or data format for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2196:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error getting stream format for device (%s).", devices_[device].name.c_str() );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2230:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error allocating coreHandle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2237:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: error initializing pthread condition variable (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2260:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2285:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2354:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiCore: OS-X error setting callback for device (%s).", devices_[device].name.c_str() );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2448:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error starting callback procedure on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2460:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error starting input callback procedure on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2491:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error stopping callback procedure on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2503:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiCore: OS-X error stopping input callback procedure on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2745:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: no Linux Jack server found or connection error (jack: %s)!",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2784:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: error connecting to Linux Jack server in probeDeviceInfo() (jack: %s)!",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2931:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: cannot connect to Linux Jack server in probeDeviceOpen() (jack: %s)!",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2987:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: error allocating JackHandle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3015:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3040:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3050:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiJack: error allocating port handle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3462:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: control open (%i): %s.", card, snd_strerror(result));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3468:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: control hardware info (%i): %s.", card, snd_strerror(result));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3477:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: control next device (%i): %s.", card, snd_strerror(result));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3490:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( name, "hw:%s,%d", cardId, subdevice );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3524:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: control open (%s): %s.", card, snd_strerror(err));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3538:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm device (%s) doesn't handle output!", info->name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3542:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: snd_ctl_pcm_info error for device (%s) output: %s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3552:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm playback device (%s) is busy: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3555:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm playback open (%s) error: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3565:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3576:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware minimum channel probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3586:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware maximum channel probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3604:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm device (%s) doesn't handle input!", info->name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3608:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: snd_ctl_pcm_info error for device (%s) input: %s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3621:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm capture device (%s) is busy: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3624:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm capture open (%s) error: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3637:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3650:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware minimum in channel probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3663:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware maximum in channel probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3699:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm (%s) won't reopen during probe: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3709:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: hardware reopen probe error (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3724:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: no supported sample rates found for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3755:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: pcm device (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3790:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAlsa: pcm device (%s) won't open: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3802:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error getting parameter handle (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3823:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: device (%s) access not supported by RtAudio.", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3830:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting access ( (%s): %s.", name, snd_strerror(err));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3895:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAlsa: pcm device (%s) data format not supported by RtAudio.", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3904:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting format (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3918:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error getting format endian-ness (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3929:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting sample rate (%d) on device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3943:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: channels (%d) not supported by device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3952:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error getting min channels count on device (%s).", name);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3964:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting channels (%d) on device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3978:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting periods (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3989:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error setting period size (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3999:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiAlsa: error setting buffer size for duplex stream on device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4011:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error installing hardware configuration (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4033:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtAudio: ALSA error installing software configuration (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4081:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4106:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4123:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: unable to synchronize input and output streams (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4262:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error preparing pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4275:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error preparing pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4303:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error draining pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4313:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error draining pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4339:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error draining pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4349:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error draining pcm device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4372:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error getting available frames for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4384:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error getting available frames for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4471:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error preparing handle after overrun: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4478:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: tickStream() error, current state is %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4486:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: audio read error for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4547:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: error preparing handle after underrun: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4554:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: tickStream() error, current state is %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4562:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAlsa: audio write error for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4790:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error loading driver (%s).", info->name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4797:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) initializing driver (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4808:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) getting input/output channel count (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4840:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message_, "RtApiAsio: No supported sample rates found for driver (%s).", info->name.c_str() );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4853:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) getting driver (%s) channel information.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4872:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5006:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error loading driver (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5014:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) initializing driver (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5026:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) getting input/output channel count (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5036:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) does not support requested channel count (%d).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5048:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) does not support requested sample rate (%d).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5058:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) error setting sample rate (%d).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5072:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) error getting data format.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5101:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: driver (%s) data format not supported by RtAudio.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) on driver (%s) error getting buffer size.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5153:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error allocating AsioHandle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5179:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error allocating bufferInfo memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: eror (%s) on driver (%s) error creating buffers.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5231:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5257:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error (%s) allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5425:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error starting device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5449:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAsio: error stopping device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5770:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing default input device enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5792:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing default output device enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5813:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to enumerate through sound playback devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5821:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to enumerate through sound capture devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5839:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to enumerate through sound playback devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5847:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to enumerate through sound capture devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5879:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing input device id enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5892:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not create capture object (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5903:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not get capture capabilities (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5964:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing output device id enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5978:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not create playback object (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5988:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not get playback capabilities (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6038:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: no reported input or output channels for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6044:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: no reported sample rates or data formats for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6117:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: no reported data formats for device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6154:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: requested channels (%d) > than supported (%d) by device (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6163:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing output device id enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6170:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: output device (%s) id not found!", devices_[device].name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6182:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not create playback object (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6192:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to set cooperative level (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6209:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to access primary buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6219:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to set primary buffer format (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6245:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to create secondary DS buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6263:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6277:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock buffer(%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6291:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtAudioDS: device (%s) does not support %d channels.", devices_[device].name.c_str(), channels);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6299:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error performing input device id enumeration: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6306:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtAudioDS: input device (%s) id not found!", devices_[device].name.c_str());
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6318:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Could not create capture object (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6337:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to create capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6348:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6362:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6402:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6427:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6439:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Error allocating DsHandle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6702:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to start buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6715:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to start capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6784:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6803:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6814:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock buffer during playback (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6826:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock buffer during playback (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6846:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to stop capture buffer (%s): %s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6857:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6868:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6900:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to stop buffer (%s): %s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6911:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6922:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6938:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to stop capture buffer (%s): %s",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6949:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6960:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock capture buffer (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6995:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7021:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current capture position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7104:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7110:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current capture position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7118:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7124:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current capture position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7178:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7241:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock buffer during playback (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7253:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock buffer during playback (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7281:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current capture position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7347:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to get current capture position (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7367:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to lock buffer during capture (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7387:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiDs: Unable to unlock buffer during capture (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7678:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error counting devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7700:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting output devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7708:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error querying output devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7723:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting input devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7731:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error querying input devices: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7752:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting default input device id: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7772:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting default output device id: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7801:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting device (%s) channels: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7812:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting device (%s) rates: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7835:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting device (%s) channels: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7846:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting device (%s) rates: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7903:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: can't get AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7913:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: can't set %d channels in AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7935:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: can't set buffer size (%ld) in AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7974:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error setting sample format in AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7990:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error setting device (%s) in AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8000:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error opening output port: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8015:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error setting sample rate (%d) for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8031:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error setting device (%s) in AL config: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8041:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error opening input port: %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8056:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_,"RtApiAl: error setting sample rate (%d) for device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8073:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: Irix Al error allocating handle memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8101:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error allocating user buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8126:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error allocating device buffer memory (%s).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8286:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error draining stream device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8311:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error aborting stream device (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8337:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting available frames for stream (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8348:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message_, "RtApiAl: error getting available frames for stream (%s): %s.",
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:268:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, buffy );
data/chuck-1.2.0.8.dfsg/src/ugen_osc.cpp:1467:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ("[chuck](via CurveTable): too many arguments.\n"));
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11362:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via SKINI): Could not open or find file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11489:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msgTypeString,someStrings[aField]);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11647:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(whatString, skini_msgs[i].messageString);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11661:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(whatString, skini_msgs[i].messageString);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:14041:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "[chuck](via Table): Couldn't stat or find file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:14050:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "[chuck](via Table): Couldn't open or find file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15664:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Could not open or find file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15701:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): File (%s) data size is zero!", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15852:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Error reading file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15861:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Could not stat RAW file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15914:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): %s contains an unsupported data format type (%d).", fileName, format_tag);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15959:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): %d bits per sample with data format %d are not supported (%s).", temp, format_tag, fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15999:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Error reading WAV file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16018:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): data format in file %s is not supported.", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16065:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Error reading SND file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): %d bits per sample in file %s are not supported.", temp, fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16184:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Error reading AIFF file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16197:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): %s appears to be a Version 4 MAT-file, which is not currently supported.",
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16301:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvIn): Error reading MAT-file (%s).", fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16812:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not create RAW file: %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16818:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Using 16-bit signed integer data format for file %s.", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16837:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not create WAV file: %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16880:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not write WAV header for file %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16921:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not create SND file: %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16950:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not write SND header for file %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not create AIF file: %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17082:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not write AIF header for file %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not create MAT file: %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17138:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Using 64-bit floating-point data format for file %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "[chuck](via WvOut): Could not write MAT-file header for file %s", name);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24447:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, w->autoPrefix.str.c_str() );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24475:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, w->autoPrefix.str.c_str() );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24503:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, w->autoPrefix.str.c_str() );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24531:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, w->autoPrefix.str.c_str() );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24559:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, w->autoPrefix.str.c_str() );
data/chuck-1.2.0.8.dfsg/src/ulib_machine.cpp:143:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( msg.buffer, v );
data/chuck-1.2.0.8.dfsg/src/ulib_machine.cpp:167:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( msg.buffer, v2 );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:592:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
RETURN->v_int = system( cmd );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6218:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf( dir_entity->d_name, CK_HID_JOYSTICKFILE, &js_num ) )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6415:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf( dir_entity->d_name, CK_HID_EVDEVFILE, &m_num ) )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6611:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if( sscanf( dir_entity->d_name, CK_HID_EVDEVFILE, &m_num ) )
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4908:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ printf (m == 8 ? " %02X " : "%02X ", data [k + m] & 0xFF) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1215:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LSF_SNPRINTF _snprintf
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1217:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf //XXX really?
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1217:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf //XXX really?
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1219:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LSF_SNPRINTF snprintf
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1228:25: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define LSF_VSNPRINTF vsnprintf
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:62:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( buffer, str, val );
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:760:20: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
return (void *)LoadLibrary(path);
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:888:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pathspec = getenv(envvars[envvar_index]+1);
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:157:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( time( NULL ) );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:608:27: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
char * tmp_filepath = tmpnam( NULL );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1365:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( chdir( getenv( "HOME" ) ) )
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:70:31: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
#define MUTEX_INITIALIZE(A) InitializeCriticalSection(A)
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:72:30: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define MUTEX_LOCK(A) EnterCriticalSection(A)
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:9773:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( (unsigned int) time(NULL) );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:9775:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( seed );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:251:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( time( NULL ) );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:578:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
::srand( seed );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:650:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char * s = getenv( v );
data/chuck-1.2.0.8.dfsg/src/util_thread.cpp:146:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&mutex);
data/chuck-1.2.0.8.dfsg/src/util_thread.cpp:178:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&mutex);
data/chuck-1.2.0.8.dfsg/src/chuck_bbq.cpp:214:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !m_midi_out[index]->open( index ) )
data/chuck-1.2.0.8.dfsg/src/chuck_bbq.cpp:242:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !m_midi_in[index]->open( index ) )
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:778:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dlerror_buffer, "%i", error );
data/chuck-1.2.0.8.dfsg/src/chuck_dl.cpp:959:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathbuf[PATH_MAX];
data/chuck-1.2.0.8.dfsg/src/chuck_dl.h:536:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlerror_buffer[128];
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_buffer[1024] = "";
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_lasterror[1024] = "[chuck]: (no error)";
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:136:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( g_buffer, "line(%d).char(%d):", num, pos-lines->i );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:161:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( g_buffer, "line(%d):", line );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:188:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( g_buffer, "line(%d):", line );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2276:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2833:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sh->reg->sp, shred->reg->sp, m_val );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2949:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( m_param_str + 48, "..." );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2953:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2954:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "[%ld]", m_length );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:3073:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( m_param_str + 60, "..." );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:4145:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:4245:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:4246:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "( many types )" );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256]; sprintf( buffer, "%ld", m_jmp ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:82:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ static char buffer[256]; sprintf( buffer, "%ld", m_jmp ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:103:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256]; sprintf( buffer, "%ld", m_val ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:103:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ static char buffer[256]; sprintf( buffer, "%ld", m_val ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:124:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256]; sprintf( buffer, "%.6f", m_val ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:124:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ static char buffer[256]; sprintf( buffer, "%.6f", m_val ); return buffer; }
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1430:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1431:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "src=%ld, base=%ld", m_val, base );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1455:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1456:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "src=%ld, base=%ld", m_val, base );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1480:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1481:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "src=%ld, base=%ld", m_val, base );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1540:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1541:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "offset=%ld, value=%ld", m_offset, m_val );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1565:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:1566:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "offset=%ld, value=%f", m_offset, m_val );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2087:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2088:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "size=%ld, emit_addr=%ld istr=%ld",
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2114:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2115:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "size=%ld, emit_addr=%ld", m_size, m_emit_addr );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2140:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "depth=%ld, size=%ld, emit_addr=%ld", m_depth, m_size, m_emit_addr );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2165:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "offset=%ld, size=%ld, emit_addr=%ld", m_offset, m_size, m_emit_addr );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2191:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2192:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "offset=%ld", m_offset );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2215:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2216:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "offset=%ld, size=%ld, emit_addr=%ld", m_offset, m_size, m_emit_addr );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2241:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "addr=%ld, size=%ld, emit_addr=%ld", (t_CKUINT)m_addr, m_size, m_emit_addr );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2267:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[256];
data/chuck-1.2.0.8.dfsg/src/chuck_instr.h:2268:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "func=%ld", (t_CKUINT)m_func );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1674:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( port );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1747:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = mout->open( port );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1853:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( type, num );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1860:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( CK_HID_DEV_JOYSTICK, num );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1867:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( CK_HID_DEV_MOUSE, num );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1874:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( CK_HID_DEV_KEYBOARD, num );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1880:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = min->open( CK_HID_DEV_TILTSENSOR, 0 );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2044:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !hi->open( CK_HID_DEV_TILTSENSOR, 0 ) )
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2091:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = mout->open( num );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2155:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = mrw->open( filename );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2208:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = mrw->open( filename );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2248:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = mrw->open( filename );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_host[256] = "127.0.0.1";
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:212:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*out = (t_CKUINT)atoi( arg );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:358:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srate = atoi( argv[i]+7 ) > 0 ? atoi( argv[i]+7 ) : srate;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:358:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srate = atoi( argv[i]+7 ) > 0 ? atoi( argv[i]+7 ) : srate;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:360:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srate = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : srate;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:360:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srate = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : srate;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:362:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi( argv[i]+9 ) > 0 ? atoi( argv[i]+9 ) : buffer_size;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:362:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi( argv[i]+9 ) > 0 ? atoi( argv[i]+9 ) : buffer_size;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:364:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : buffer_size;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:364:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : buffer_size;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:366:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_buffers = atoi( argv[i]+8 ) > 0 ? atoi( argv[i]+8 ) : num_buffers;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:366:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_buffers = atoi( argv[i]+8 ) > 0 ? atoi( argv[i]+8 ) : num_buffers;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:368:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_buffers = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : num_buffers;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:368:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_buffers = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : num_buffers;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:370:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 0;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:370:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 0;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:372:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 0;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:372:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 0;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:374:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = adc_chans = atoi( argv[i]+10 ) > 0 ? atoi( argv[i]+10 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:374:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = adc_chans = atoi( argv[i]+10 ) > 0 ? atoi( argv[i]+10 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:376:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = adc_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:376:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = adc_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:378:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:378:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = atoi( argv[i]+5 ) > 0 ? atoi( argv[i]+5 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:380:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:380:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dac_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:382:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc_chans = atoi( argv[i]+4 ) > 0 ? atoi( argv[i]+4 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:382:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc_chans = atoi( argv[i]+4 ) > 0 ? atoi( argv[i]+4 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:384:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:384:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adc_chans = atoi( argv[i]+2 ) > 0 ? atoi( argv[i]+2 ) : 2;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:386:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ g_priority = atoi( argv[i]+7 ); set_priority = TRUE; }
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:398:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_port = atoi( argv[i]+6 );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:400:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_port = atoi( argv[i]+2 );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:406:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = argv[i][5] ? atoi( argv[i]+5 ) : CK_LOG_INFO;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:408:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = argv[i][9] ? atoi( argv[i]+9 ) : CK_LOG_INFO;
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:410:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = argv[i][2] ? atoi( argv[i]+2 ) : CK_LOG_INFO;
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:105:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE * fd = tmpfile();
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:426:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msg.param = atoi( argv[i] );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:458:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msg.param = atoi( argv[i] );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:493:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msg.param = (i+1)<argc ? atoi(argv[++i]) : 0;
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:650:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( (char *)ret.buffer, "success" );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NET_BUFFER_SIZE];
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_filename[1024] = "";
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:55:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !(fd = fopen( fname, "rb" )) )
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:58:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( fname, ".ck" );
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:59:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen( fname, "rb" );
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:89:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fd = tmpfile();
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:141:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !fd ) { fd = fopen( g_filename, "r" ); if( fd ) clo = TRUE; }
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:548:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:553:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "code %2d> ", scope);
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:561:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:566:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "code %2d> ", scope);
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:590:14: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = mkstemp( tmp_filepath );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:616:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tmp_file = fopen( tmp_filepath, "w" );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:712:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ** argv = new char * [ vec_len ];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:754:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ** argv = new char * [ vec_len ];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:840:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ** argv = new char * [ vec_len ];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:935:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:936:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, ":%u", (int)port );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[255];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1503:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * source_file = fopen( argv[i].c_str(), "r" );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1710:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1723:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%u", caller->vms.size() - 1 );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1813:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%u", i );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:2130:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
write_file = fopen( filename.c_str(), "w" );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:2187:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
read_file = fopen( argv[0].c_str(), "r" );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:2194:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256], * result = fgets( buffer, 256, read_file );
data/chuck-1.2.0.8.dfsg/src/chuck_type.cpp:5130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_escape[256];
data/chuck-1.2.0.8.dfsg/src/chuck_ugen.cpp:100:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( new_base, base, capacity / 2 * sizeof(Chuck_UGen *) );
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:4134:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ adjust(); yylval.ival=atoi(yytext); return NUM; }
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:4139:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ adjust(); yylval.ival=atoi(yytext); return NUM; }
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:534:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_buffer_in, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:536:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( m_extern_in ) memcpy( m_extern_in, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:549:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( m_out_ready && !m_end ) memcpy( buffer, m_buffer_out, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:580:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( m_extern_out ) memcpy( m_extern_out, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:642:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_buffer_in, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:644:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( m_extern_in ) memcpy( m_extern_in, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:664:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( !m_end ) memcpy( buffer, m_buffer_out, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:669:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( m_extern_out ) memcpy( m_extern_out, buffer, len );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:1114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_data, Digitalio::m_buffer_in, Digitalio::buffer_size() *
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:58:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( t_CKINT type, t_CKUINT number );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:127:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL PhyHidDevIn::open( t_CKINT type, t_CKUINT number )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:148:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !default_drivers[type].open )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:156:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( default_drivers[type].open( ( int ) number ) )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:360:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL HidOut::open( t_CKUINT device_num )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:366:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_valid = HidOutManager::open( this, (t_CKINT)device_num );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:427:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL HidIn::open( t_CKINT device_type, t_CKINT device_num )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:434:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_valid = HidInManager::open( this, device_type, device_num );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:573:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL HidInManager::open( HidIn * hin, t_CKINT device_type, t_CKINT device_num )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:610:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !phin->open( device_type, device_num ) )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:821:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL HidOutManager::open( HidOut * hout, t_CKINT device_num )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h:62:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( t_CKUINT device_num = 0 );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h:95:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( t_CKINT device_type, t_CKINT device_num );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h:129:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static t_CKBOOL open( HidIn * hin, t_CKINT device_type, t_CKINT device_num );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h:155:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static t_CKBOOL open( HidOut * hout, t_CKINT device_num );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:156:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiOut::open( t_CKUINT device_num )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:162:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_valid = MidiOutManager::open( this, (t_CKINT)device_num );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:312:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiIn::open( t_CKUINT device_num )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:319:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_valid = MidiInManager::open( this, (t_CKINT)device_num );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:338:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiInManager::open( MidiIn * min, t_CKINT device_num )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:543:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiOutManager::open( MidiOut * mout, t_CKINT device_num )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:616:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiRW::open( const char * filename )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:620:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( filename, "rb+" );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:623:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( filename, "wb+" );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:706:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiMsgOut::open( const char * filename )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:710:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( filename, "wb" );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:760:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL MidiMsgIn::open( const char * filename )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:764:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( filename, "rb" );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:82:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( t_CKUINT device_num = 0 );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:131:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( t_CKUINT device_num = 0 );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:164:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static t_CKBOOL open( MidiIn * min, t_CKINT device_num );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:181:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static t_CKBOOL open( MidiOut * mout, t_CKINT device_num );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:203:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( const char * filename );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:229:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( const char * filename );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:251:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( const char * filename );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:294:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "(via rtaudio): only one open stream allowed per class instance.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:299:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"(via rtaudio): one or both 'channel' parameters must be greater than zero.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:304:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"(via rtaudio): 'format' parameter value is undefined.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:310:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"(via rtaudio): 'outputDevice' parameter value (%d) is invalid.", outputDevice);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:317:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"(via rtaudio): 'inputDevice' parameter value (%d) is invalid.", inputDevice);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "(via rtaudio): invalid device specifier (%d)...", device);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:525:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiOss: no Linux OSS audio devices found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[16];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:558:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dsplink = atoi(&device_name[8]);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:562:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dsplink = atoi(&device_name[3]);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:595:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name, O_WRONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:600:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name, O_RDONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:635:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->name.c_str(), O_WRONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:677:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->name.c_str(), O_RDONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:725:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->name.c_str(), O_RDWR | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:763:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->name.c_str(), O_WRONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:767:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(info->name.c_str(), O_RDONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:880:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_WRONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:891:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:894:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY | O_NONBLOCK);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:909:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_WRONLY | O_SYNC);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:912:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDWR | O_SYNC);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:914:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY | O_SYNC);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1275:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiOss::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiOss: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1528:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiOss: error starting callback thread!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1618:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: no Macintosh OS-X Core Audio devices found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1648:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: OS-X error getting device info!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1658:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: memory allocation error during initialization!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1666:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: OS-X error getting device properties!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1692:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( message_, "RtApiCore: OS-X error getting default input device." );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1714:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( message_, "RtApiCore: OS-X error getting default output device." );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1758:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[512];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1766:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( message_, "RtApiCore: OS-X error getting device manufacturer." );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1771:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fullname, ": " );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1778:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( message_, "RtApiCore: OS-X error getting device name." );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1795:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: memory allocation error!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1838:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: memory allocation error!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2056:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: memory allocation error in probeDeviceOpen()!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2393:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2525:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: tickStream() should not be used when a callback function is set!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2593:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBufferList->mBuffers[handle->index[0]+i].mData,
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2605:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBufferList->mBuffers[handle->index[0]].mData,
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2620:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stream_.deviceBuffer[i*bufferBytes],
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2635:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_.userBuffer,
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2657:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiCore: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2801:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
port = (char *) ports[nChannels];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2803:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
port = (char *) ports[++nChannels];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2813:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
port = (char *) ports[nChannels];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2815:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
port = (char *) ports[++nChannels];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2823:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error determining jack input/output channels!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2849:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error determining jack server data format!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2918:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: the Jack server does not support requested channels!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2926:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2947:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( message_, "RtApiJack: the requested sample rate (%d) is different than the JACK server rate (%d).",
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2994:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error initializing pthread condition variable!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3144:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[64];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3205:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: unable to activate JACK client!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3215:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error determining available jack input ports!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3228:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error connecting output ports!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3238:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error determining available jack output ports!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3249:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: error connecting input ports!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3290:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: tickStream() should not be used when a callback function is set!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3339:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jackbuffer, &stream_.deviceBuffer[i*bufferBytes], bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3345:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jackbuffer, stream_.userBuffer, bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3355:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stream_.deviceBuffer[i*bufferBytes], jackbuffer, bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3362:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_.userBuffer, jackbuffer, bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3377:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiJack: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3433:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa: no Linux ALSA audio devices found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3459:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "hw:%d", card);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3483:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "hw:%d,%d", card, subdevice );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3516:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3528:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int dev = (unsigned int) atoi( strtok(NULL, ",") );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4204:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4434:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( apiInfo->tempBuffer, stream_.userBuffer, bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4467:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa: overrun detected.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4543:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa: underrun detected.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4583:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4606:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAlsa: error starting callback thread!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4726:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: no Windows ASIO audio drivers found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4750:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"RtApiAsio: ASIO requires a single-threaded appartment. Call CoInitializeEx(0,COINIT_APARTMENTTHREADED)");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4767:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: error getting driver name for device index %d!", i);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4784:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: unable to probe driver while a stream is open.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4997:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: duplex stream must use the same device for input and output.");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5005:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( !drivers.loadDriver( (char *)devices_[device].name.c_str() ) ) {
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5348:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5386:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5471:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAsio: tickStream() should not be used when a callback function is set!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5530:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->bufferInfos[i].buffers[bufferIndex],
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5543:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->bufferInfos[i].buffers[bufferIndex], stream_.userBuffer, bufferBytes );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5559:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stream_.deviceBuffer[j++*bufferBytes],
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5574:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_.userBuffer,
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5729:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5748:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiDs: no Windows DirectSound audio devices found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5861:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
device.name.append( (const char *)info[i].name, strlen(info[i].name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6542:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiDs: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6563:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiDs: error starting callback thread!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6572:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiDs: error starting callback thread!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6610:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiDs::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7247:5: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
CopyMemory(buffer1, buffer, bufferSize1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7248:26: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buffer2 != NULL) CopyMemory(buffer2, buffer+bufferSize1, bufferSize2);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7375:7: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
CopyMemory(buffer, buffer1, bufferSize1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7376:28: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buffer2 != NULL) CopyMemory(buffer+bufferSize1, buffer2, bufferSize2);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7650:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAl: no Irix AL audio devices found!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8214:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAl::closeStream(): no open stream to close!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8448:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAl: A callback is already set for this stream!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8471:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtApiAl: error starting callback thread!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8557:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_, "RtAudio: stream is not open!");
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8609:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message_,"(via rtaudio): undefined format in formatBytes().");
data/chuck-1.2.0.8.dfsg/src/rtaudio.h:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message_[1024];
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:225:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buffer, ", ");
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffy[128];
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:52:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union what { long x; char y[sizeof(long)]; };
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:3563:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct SKINISpec { char messageString[32];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:6619:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char genMIDIMap[128] =
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:6640:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char waveNames[DRUM_NUMWAVES][32] =
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7026:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7027:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via FM): Invalid number of operators (%d) argument to constructor!", operators);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7455:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): nb (%d) and na (%d) must be >= 1!", nb, na);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7460:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): a[0] coefficient cannot == 0!");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7501:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): nb (%d) and na (%d) must be >= 1!", nb, na);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7506:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): a[0] coefficient cannot == 0!");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7545:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7549:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): nb (%d) must be >= 1!", nb);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7573:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): na (%d) must be >= 1!", na);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:7578:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "[chuck](via Filter): a[0] coefficient cannot == 0!");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:8955:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:8956:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via Modal): Invalid number of modes (%d) argument to constructor!", modes);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11360:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myFile = fopen(fileName,"r");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11411:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int subStrings(char *aString,
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11412:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char someStrings[__SK_MAX_FIELDS_][__SK_MAX_SIZE_],
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char someStrings[__SK_MAX_FIELDS_][__SK_MAX_SIZE_];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11517:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel = atoi(someStrings[aField]);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11523:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
byteTwoInt = atoi(someStrings[aField]);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11547:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
byteThreeInt = atoi(someStrings[aField]);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputString[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:12288:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instrs[NUM_INSTR][10] = {
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:14036:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:14048:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fileName,"rb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15662:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fileName, "rb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15672:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[12];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:15892:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16072:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16121:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char srate[10];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[4];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi[2];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16226:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvIn): The file does not contain a single Matlab array (or matrix) data element.");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16253:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvIn): The MAT-file array data format (%d) is not supported.", tmp);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16274:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvIn): Transpose the MAT-file array so that audio channels fill matrix rows (not columns).");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16405:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvIn): Error reading file data.");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16633:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char riff[4]; // "RIFF"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wave[4]; // "WAVE"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[4]; // "fmt "
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16644:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4]; // "data"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16650:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[4];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[16];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16662:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char form[4]; // "FORM"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aiff[4]; // "AIFF" or "AIFC"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16665:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[4]; // "COMM"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16670:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char srate[10]; // IEEE 754 floating point format
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16674:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssnd[4]; // "SSND"
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heading[124]; // Header text field
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16757:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvOut): the channels argument must be greater than zero!");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16768:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( msg, "[chuck](via WvOut): Unknown data type specified (%ld).", format );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16776:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvOut): STK RAW files are, by definition, always monaural (channels = %d not supported)!", nChannels);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16790:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvOut): Unknown file type specified (%ld).", fileType);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16807:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16809:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( strstr(name, ".raw") == NULL) strcat(name, ".raw");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16810:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(name, "wb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16834:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( strstr(name, ".wav") == NULL) strcat(name, ".wav");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16835:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(name, "wb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16916:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16918:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( strstr(name, ".snd") == NULL) strcat(name, ".snd");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16919:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(name, "wb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16981:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16983:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( strstr(name, ".aif") == NULL) strcat(name, ".aif");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16984:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(name, "wb");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17064:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4] = {'f','l','3','2'};
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17065:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zeroes[2] = { 0, 0 };
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17070:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4] = {'f','l','6','4'};
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zeroes[2] = { 0, 0 };
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17129:38: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( strstr(name, ".mat") == NULL) strcat(name, ".mat");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17130:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(name, "w+b");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17143:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hdr.heading,"MATLAB 5.0 MAT-file, Generated using the Synthesis ToolKit in C++ (STK). By Perry R. Cook and Gary P. Scavone, 1995-2002.");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arrayName[64];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17324:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "[chuck](via WvOut): Error writing data to file.");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24441:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24452:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buffer, ").mat" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24480:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buffer, ").snd" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24508:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buffer, ").wav" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24525:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24536:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buffer, ").raw" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24553:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24564:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buffer, ").aiff" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:1246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:4447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgTypeString[64];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:4454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remainderString[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:4455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whatString[1024];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:5054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ugen_stk.h:5483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:602:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
RETURN->v_int = atoi( v );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:806:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL KBHitManager::open( KBHit * kb )
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:857:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL KBHit::open()
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:859:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return KBHitManager::open( this );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:876:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:888:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1021:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[2048];
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[0x1000];
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1402:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open( filename.c_str(), ios::in );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1627:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open( char * port, t_CKUINT baudrate );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1645:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL Serial::open( char * port, t_CKUINT baudrate )
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1782:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RETURN->v_int = s->open( (char *)str->str.c_str(), i );
data/chuck-1.2.0.8.dfsg/src/ulib_std.h:83:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKBOOL open();
data/chuck-1.2.0.8.dfsg/src/ulib_std.h:119:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static t_CKBOOL open( KBHit * kb );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:129:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open() {};
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:257:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open,
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:527:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (*interface)->open( interface, 0 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:1433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __temp[256];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:1946:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
case OSX_Hid_op::open:
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2071:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
op.type = OSX_Hid_op::open;
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2718:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual t_CKINT open() { return -1; }
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2737:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2761:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual t_CKINT open();
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2911:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t_CKINT WiiRemote::open()
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3253:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[23];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3257:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf+1, data, size );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[22];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cmd + 6, data, size );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3537:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &wr->address, address, sizeof( BluetoothDeviceAddress ) );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3547:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wr->open();
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3557:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wr->open();
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3651:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open,
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3672:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
case WiiRemoteOp::open:
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3808:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wro.op = WiiRemoteOp::open;
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3974:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_PATH];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_state[DINPUT_KEYBUFFER_SIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_PATH];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4836:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[DINPUT_KEYBUFFER_SIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4864:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( keyboard->last_state, state, DINPUT_KEYBUFFER_SIZE );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4991:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_PATH];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[CK_HID_STRBUFSIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[CK_HID_NAMESIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6125:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( t_pollfds, pollfds, pollfds_end * sizeof( pollfd ) );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CK_HID_STRBUFSIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6222:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( fd = open( buf, O_RDONLY | O_NONBLOCK ) ) >= 0 ||
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6280:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( joystick->fd = open( joystick->filename, O_RDONLY | O_NONBLOCK ) ) < 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6329:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char relcaps[(REL_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6330:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abscaps[(ABS_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6331:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keycaps[(KEY_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6344:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( fd = open( filename, O_RDONLY | O_NONBLOCK ) ) < 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CK_HID_STRBUFSIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6477:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( mouse->fd = open( mouse->filename, O_RDONLY | O_NONBLOCK ) ) < 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6524:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char relcaps[(REL_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6525:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abscaps[(ABS_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6526:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keycaps[(KEY_MAX / 8) + 1];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6539:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( fd = open( filename, O_RDONLY | O_NONBLOCK ) ) < 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6598:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CK_HID_STRBUFSIZE];
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6650:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( keyboard->fd = open( keyboard->filename, O_RDONLY | O_NONBLOCK ) ) < 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.h:99:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ( *open )( int );
data/chuck-1.2.0.8.dfsg/src/util_network.c:193:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char *)&sock->sock_in.sin_addr, host->h_addr, host->h_length );
data/chuck-1.2.0.8.dfsg/src/util_network.c:195:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy( host->h_addr, (char *)&sock->sock_in.sin_addr, host->h_length );
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:150:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const bitoff[ 256 ] = {
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sampleRate [10] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zero_bytes [2] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:853:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ unsigned char bytes [6] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:1118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char comm_sample_rate [10], comm_zero_bytes [2] = { 0, 0 } ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:1797:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char alaw_encode [2049] =
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:2787:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [indx]), &(pg72x->samples [pg72x->samplecount]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3027:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(pg72x->samples [pg72x->samplecount]), &(ptr [indx]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [8] ; /* null-padded sample name */
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext [20] ; /* Additional filename space, used if (name[7] != 0) */
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user [64] ; /* User defined. Typically ASCII message */
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3524:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy( (char *)State->dp0, (char *)(State->dp0 + 160),
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3619:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, &(simple_formats [indx]), SIGNED_SIZEOF (SF_FORMAT_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3667:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, &(major_formats [indx]), SIGNED_SIZEOF (SF_FORMAT_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3720:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, &(subtype_formats [indx]), sizeof (SF_FORMAT_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3737:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ memcpy (data, &(major_formats [k]), sizeof (SF_FORMAT_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3747:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ memcpy (data, &(subtype_formats [k]), sizeof (SF_FORMAT_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *strptr, istr [5], lead_char, sign_char ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4471:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psf->header [psf->headindex]), strptr, size) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4480:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psf->header [psf->headindex]), strptr, size) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4488:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psf->header [psf->headindex]), bindata, size) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4505:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psf->header [psf->headindex]), bindata, 16) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, psf->header + psf->headindex, bytes) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4688:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *ucptr, sixteen_bytes [16] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char ascii [17], *data ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:6088:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c [8] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:6445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + total, psf->buffer, readcount * sizeof (double)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:6473:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + total, psf->buffer, thisread * sizeof (double)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:6582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (psf->buffer, ptr + total, writecount * sizeof (double)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:6869:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer [256] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:7588:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psf->filedes = open (pathname, oflag) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:7590:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psf->filedes = open (pathname, oflag, mode) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:8405:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psf->filedes = open (pathname, oflag) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:8407:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psf->filedes = open (pathname, oflag, mode) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:9142:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c [4] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:9500:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr + total, psf->buffer, readcount * sizeof (float)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:9609:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (psf->buffer, ptr + total, writecount * sizeof (float)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:10980:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block [WAV_W64_GSM610_BLOCKSIZE] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:11164:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [indx]), &(pgsm610->samples [pgsm610->samplecount]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:11390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(pgsm610->samples [pgsm610->samplecount]), &(ptr [indx]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:13363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [indx]), &(pima->samples [pima->samplecount * pima->channels]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:13596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(pima->samples [pima->samplecount * pima->channels]), &(ptr [total]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:15725:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char rsrc_name [1024] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:15961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [64] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16114:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char str [32] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [32] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char name [32] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16956:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [indx]), &(pms->samples [pms->samplecount * pms->channels]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:17263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(pms->samples [pms->samplecount * pms->channels]), &(ptr [total]), count * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:17591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str [64], *cptr ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:18493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [total]), &(ppaf24->samples [ppaf24->read_count * ppaf24->channels]), count * sizeof (int)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:18656:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ppaf24->samples [ppaf24->write_count * ppaf24->channels]), &(ptr [total]), count * sizeof (int)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:22014:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer [32] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:22742:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char *marker_type [4] =
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:23227:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char read_data [SDS_BLOCK_SIZE] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:23231:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char write_data [SDS_BLOCK_SIZE] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:23830:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [total]), &(psds->read_samples [psds->read_count]), count * sizeof (int)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:24150:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psds->write_samples [psds->write_count]), &(ptr [total]), count * sizeof (int)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:25013:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sf_logbuffer [SF_BUFFER_LEN] = { 0 } ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:25014:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sf_syserr [SF_SYSERR_LEN] = { 0 } ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:25073:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sfinfo, &(psf->sf), sizeof (SF_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:25106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sfinfo, &(psf->sf), sizeof (SF_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [16] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26735:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cptr [0x40] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26837:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cptr , buffer, sizeof (buffer)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26971:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(psf->sf), sfinfo, sizeof (SF_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27208:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sfinfo, &(psf->sf), sizeof (SF_INFO)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27321:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (psf->str_end, str, str_len + 1) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27353:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (psf->str_end, str, str_len + 1) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:28528:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ulaw_encode [8193] =
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:29463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creative [20] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:30228:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vox_data [VOX_DATA_LEN] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:30454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ptr [indx]), pvox->pcm_data, pvox->pcm_samples * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:30583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pvox->pcm_data, &(ptr [indx]), pvox->pcm_samples * sizeof (short)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:30755:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char name [16] = { (x0), (x1), (x2), (x3), (x4), (x5), \
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [22] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char software [20] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sample_name [22] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer [64], name [32] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:782:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [SF_FILENAME_LEN] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:784:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syserr [SF_SYSERR_LEN] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:789:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbuffer [SF_BUFFER_LEN] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:790:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header [SF_HEADER_LEN] ; /* Must be unsigned */
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_storage [SF_BUFFER_LEN] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1345:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block [G72x_BLOCK_SIZE] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1922:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esf_field4 [8] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:1947:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding [512] ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.h:2061:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block [G72x_BLOCK_SIZE] ;
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:46:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%li", val );
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/chuck-1.2.0.8.dfsg/src/util_string.cpp:61:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "%%.%lif", precision );
data/chuck-1.2.0.8.dfsg/src/chuck_def.h:134:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#ifndef usleep
data/chuck-1.2.0.8.dfsg/src/chuck_def.h:135:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(x) Sleep( (x / 1000 <= 0 ? 1 : x / 1000) )
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:100:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen( str );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:103:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ( p == str || strlen(p+1) == 0 ? p : p+1 );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:140:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( g_lasterror, " " );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:165:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( g_lasterror, " " );
data/chuck-1.2.0.8.dfsg/src/chuck_errmsg.cpp:192:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( g_lasterror, " " );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2942:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_CKUINT len = strlen( str );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:2948:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( m_param_str, str, 48 );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:3066:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_CKUINT len = strlen( str );
data/chuck-1.2.0.8.dfsg/src/chuck_instr.cpp:3072:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( m_param_str, str, 60 );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:1966:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
RETURN->v_int = min->read( type, num, &the_msg );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2053:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( !hi->read( CK_HID_ACCELEROMETER, 0, &msg ) )
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2170:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
RETURN->v_int = mrw->read( &the_msg, &time );
data/chuck-1.2.0.8.dfsg/src/chuck_lang.cpp:2263:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
RETURN->v_int = mrw->read( &the_msg, &time );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:162:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( (unsigned long)(rand() / (float)RAND_MAX * 2000000) );
data/chuck-1.2.0.8.dfsg/src/chuck_main.cpp:716:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:608:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 40000 );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:620:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 40000 );
data/chuck-1.2.0.8.dfsg/src/chuck_otf.cpp:657:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 10000 );
data/chuck-1.2.0.8.dfsg/src/chuck_parse.cpp:93:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite( code, sizeof(char), strlen(code), fd );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:589:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( tmp_filepath, "/tmp/chuck_file.XXXXXX", 32 );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:717:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy( argv[0], "+", 2 );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:724:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( argv[j], files[j - 1].c_str(), str_len );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:759:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy( argv[0], "-", 2 );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:766:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( argv[j], ids[j - 1].c_str(), str_len );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:851:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( argv[j], vec[j - 1].c_str(), str_len );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1304:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( cwd );
data/chuck-1.2.0.8.dfsg/src/chuck_shell.cpp:1328:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dir, argv[i].c_str(), j );
data/chuck-1.2.0.8.dfsg/src/chuck_symbol.cpp:47:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name = (c_str)checked_malloc(strlen(name)+1);
data/chuck-1.2.0.8.dfsg/src/chuck_type.h:749:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f_ctrl ctrl, t_CKBOOL write, t_CKBOOL read );
data/chuck-1.2.0.8.dfsg/src/chuck_utils.cpp:62:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_str p = (c_str)checked_malloc( strlen(s)+1 );
data/chuck-1.2.0.8.dfsg/src/chuck_vm.cpp:436:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 50000 );
data/chuck-1.2.0.8.dfsg/src/chuck_vm.cpp:569:15: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
{ usleep( 50000 ); }
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:1312:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:3383:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str)-1] = '\0';
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:3390:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_str s = (c_str)malloc( strlen(str) + 1 );
data/chuck-1.2.0.8.dfsg/src/chuck_win32.c:3540:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:321:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 40000 );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:545:38: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while( !m_out_ready && n-- ) usleep( 250 );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:572:45: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
n = 8; while( !m_out_ready && n-- ) usleep( 250 );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:930:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 250 );
data/chuck-1.2.0.8.dfsg/src/digiio_rtaudio.cpp:1110:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 250 );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:59:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL read( t_CKINT element_type, t_CKINT element_num, HidMsg * msg );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:185:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL PhyHidDevIn::read( t_CKINT element_type, t_CKINT element_num, HidMsg * msg )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:187:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( !default_drivers[device_type].read )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:195:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( default_drivers[device_type].read( device_num, element_type,
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:689:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL HidIn::read( t_CKINT type, t_CKINT num, HidMsg * msg )
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.cpp:695:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return phin->read( type, num, msg );
data/chuck-1.2.0.8.dfsg/src/hidio_sdl.h:97:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL read( t_CKINT type, t_CKINT num, HidMsg * msg );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:648:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL MidiRW::read( MidiMsg * msg, t_CKTIME * time )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.cpp:780:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL MidiMsgIn::read( MidiMsg * msg, t_CKTIME * time )
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:207:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL read( MidiMsg * msg, t_CKTIME * time );
data/chuck-1.2.0.8.dfsg/src/midiio_rtmidi.h:255:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t_CKBOOL read( MidiMsg * msg, t_CKTIME * time );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:621:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)device_name, strlen(device_name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1410:45: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (stream_.callbackInfo.usingCallback) usleep(50000); // sleep 50 milliseconds
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1474:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(handle[1], buffer, samples * formatBytes(format));
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1770:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fullname, name, 256);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1782:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fullname, name, 254);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:1784:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->name.append( (const char *)fullname, strlen(fullname)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:2737:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jackmsg.append( desc, strlen(desc)+1 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3488:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( unsigned int i=0; i<strlen(cardId); i++ ) {
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3495:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)name, strlen(name)+1 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:3520:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, info->name.c_str(), 64 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4405:45: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (stream_.callbackInfo.usingCallback) usleep(50000); // sleep 50 milliseconds
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:4763:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)name, strlen(name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5861:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)info[i].name, strlen(info[i].name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:5873:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dsinfo.name, info->name.c_str(), 64 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:6144:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dsinfo.name, devices_[device].name.c_str(), 64 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7474:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 100000 );
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7509:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(info->name) > 0) info++;
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7511:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->name, lpcstrDescription, 64);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7557:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->name, lpcstrDescription, 64);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7713:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)name, strlen(name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:7736:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device.name.append( (const char *)name, strlen(name)+1);
data/chuck-1.2.0.8.dfsg/src/rtaudio.cpp:8368:45: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (stream_.callbackInfo.usingCallback) usleep(50000); // sleep 50 milliseconds
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:232:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize -= strlen(buffer);
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:233:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += strlen(buffer);
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:248:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize -= strlen(buffer) + 1;
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:249:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += strlen(buffer);
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:265:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strcmp( mid, buffy ) && strlen(buffy) < bufsize ) {
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:859:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1000 );
data/chuck-1.2.0.8.dfsg/src/rtmidi.cpp:1502:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1000 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11648:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(whatString, ",");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:11662:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(whatString, ",");
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:13937:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( (unsigned long) (milliseconds * 1000.0) );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:13960:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(message, p, 256);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16808:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fileName, 128);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16833:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fileName, 128);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16917:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fileName, 128);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:16982:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fileName, 128);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17128:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fileName, 128);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17146:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(hdr.heading);i<124;i++) hdr.heading[i] = ' ';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17175:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SINT32 namelength = (SINT32) strlen(fileName);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:17179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(arrayName, fileName, namelength);
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24448:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buffer, "(" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24449:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( buffer, ctime(&t), 24 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24450:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+14] = 'h';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24451:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+17] = 'm';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24476:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buffer, "(" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24477:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( buffer, ctime(&t), 24 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24478:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+14] = 'h';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24479:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+17] = 'm';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24504:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buffer, "(" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24505:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( buffer, ctime(&t), 24 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24506:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+14] = 'h';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24507:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+17] = 'm';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24532:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buffer, "(" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24533:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( buffer, ctime(&t), 24 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24534:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+14] = 'h';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24535:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+17] = 'm';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24560:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buffer, "(" );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24561:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( buffer, ctime(&t), 24 );
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24562:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+14] = 'h';
data/chuck-1.2.0.8.dfsg/src/ugen_stk.cpp:24563:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(w->autoPrefix.str.c_str())+17] = 'm';
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:744:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 5000 );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1030:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 10000 );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1619:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read( char * buffer, unsigned numberOfBytesToRead );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1623:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read();
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1724:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char Serial::read()
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1727:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read( &c, 1 );
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1747:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned Serial::read( char * buffer, unsigned numberOfBytesToRead )
data/chuck-1.2.0.8.dfsg/src/ulib_std.cpp:1815:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
RETURN->v_int = (t_CKINT)s->read();
data/chuck-1.2.0.8.dfsg/src/util_console.cpp:181:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ifkeyin = read( 0, &c, 1 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:170:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Device", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:339:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Joystick", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:347:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Mouse", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:355:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Keyboard", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:1490:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( __temp, "Joystick", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:1591:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( __temp, "Mouse", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:1692:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( __temp, "Keyboard", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2702:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Bluetooth Device", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2970:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1000 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:2974:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1000 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3538:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( wr->name, "Nintendo RVL-CNT-01", 256 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3913:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 10 );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3964:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Joystick", MAX_PATH );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:3995:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( js->name, lpddi->tszProductName, MAX_PATH );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4375:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "Keyboard", MAX_PATH );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:4765:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( keyboard->name, lpddi->tszProductName, MAX_PATH );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5007:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( mouse->name, lpddi->tszProductName, MAX_PATH );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5359:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( name, "(name unknown)", CK_HID_NAMESIZE );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5392:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( ( len = read( fd, &event, sizeof( event ) ) ) > 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:5474:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( ( len = read( fd, &event, sizeof( event ) ) ) > 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6009:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( ( len = read( fd, &event, sizeof( event ) ) ) > 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6117:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( read( hid_channel_r, &hcm, sizeof( hcm ) ) > 0 )
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6234:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( js->filename, buf, CK_HID_STRBUFSIZE );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6383:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( mouse->filename, filename, CK_HID_STRBUFSIZE );
data/chuck-1.2.0.8.dfsg/src/util_hid.cpp:6578:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( keyboard->filename, filename, CK_HID_STRBUFSIZE );
data/chuck-1.2.0.8.dfsg/src/util_hid.h:103:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ( *read )( int, int, int, HidMsg * );
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:3961:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width_specifier -= strlen (strptr) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4183:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen ((char*) psf->header) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4194:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf->headindex = strlen ((char*) psf->header) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4463:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strptr) + 1 ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:4479:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strptr) + 1 ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:7693:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read (psf->filedes, ((char*) ptr) + total, (size_t) count) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:7803:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ count = read (psf->filedes, &(buffer [k]), 1) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:8481:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read (psf->filedes, ((char*) ptr) + total, (size_t) count) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:8571:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ count = read (psf->filedes, &(buffer [k]), 1) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16359:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf_binheader_writef (psf, "44b", MAT5_TYPE_SCHAR, strlen (sr_name), sr_name, 16) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16373:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf_binheader_writef (psf, "44b", MAT5_TYPE_SCHAR, strlen (wd_name), wd_name, strlen (wd_name)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16373:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf_binheader_writef (psf, "44b", MAT5_TYPE_SCHAR, strlen (wd_name), wd_name, strlen (wd_name)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:16405:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen ((char*) psf->buffer) >= 124)
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:17609:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ cptr += strlen ("end_head") + 1 ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:17625:4: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
{ sscanf (cptr, "sample_coding -s%d %63s", &count, str) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:17658:4: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
{ sscanf (cptr, "sample_byte_format -s%d %8s", &bytes, str) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:21996:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf->headindex = strlen ((char*) psf->header) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26705:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cptr) > sizeof (buffer) - 1)
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26708:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buffer, cptr, sizeof (buffer)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26841:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr [1] < (sizeof (cptr) - 3) && cptr [cptr [1] + 2] == 0 && strlen (((char*) cptr) + 2) == cptr [1])
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:26939:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ memset (psf->format_desc, 0, strlen (psf->format_desc)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27257:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen (str) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27328:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr (str, PACKAGE) == NULL && len_remaining > (int) (strlen (bracket_name) + str_len + 2))
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27329:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen (str) == 0)
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27330:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (psf->str_end, lsf_name, len_remaining) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27332:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (psf->str_end, bracket_name, len_remaining) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27333:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf->str_end += strlen (psf->str_end) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:27658:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (psf->filename) != dword)
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33428:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf_binheader_writef (psf, "b", string, strlen (string)) ;
data/chuck-1.2.0.8.dfsg/src/util_sndfile.c:33452:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psf_binheader_writef (psf, "111111", 128, 0, pxi->sample_flags, 128, 0, strlen (pxi->sample_name)) ;
ANALYSIS SUMMARY:
Hits = 1071
Lines analyzed = 154209 in approximately 3.82 seconds (40377 lines/second)
Physical Source Lines of Code (SLOC) = 95410
Hits@level = [0] 314 [1] 180 [2] 551 [3] 14 [4] 325 [5] 1
Hits@level+ = [0+] 1385 [1+] 1071 [2+] 891 [3+] 340 [4+] 326 [5+] 1
Hits/KSLOC@level+ = [0+] 14.5163 [1+] 11.2252 [2+] 9.33864 [3+] 3.56357 [4+] 3.41683 [5+] 0.0104811
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.