Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cmt-1.16/src/am.cpp
Examining data/cmt-1.16/src/ambisonic.cpp
Examining data/cmt-1.16/src/amp.cpp
Examining data/cmt-1.16/src/analogue.cpp
Examining data/cmt-1.16/src/canyondelay.cpp
Examining data/cmt-1.16/src/cmt.cpp
Examining data/cmt-1.16/src/cmt.h
Examining data/cmt-1.16/src/delay.cpp
Examining data/cmt-1.16/src/descriptor.cpp
Examining data/cmt-1.16/src/disintegrator.cpp
Examining data/cmt-1.16/src/dynamic.cpp
Examining data/cmt-1.16/src/filter.cpp
Examining data/cmt-1.16/src/freeverb/Components/allpass.cpp
Examining data/cmt-1.16/src/freeverb/Components/allpass.h
Examining data/cmt-1.16/src/freeverb/Components/comb.cpp
Examining data/cmt-1.16/src/freeverb/Components/comb.h
Examining data/cmt-1.16/src/freeverb/Components/revmodel.cpp
Examining data/cmt-1.16/src/freeverb/Components/revmodel.h
Examining data/cmt-1.16/src/freeverb/Components/tuning.h
Examining data/cmt-1.16/src/freeverb/Components/denormals.h
Examining data/cmt-1.16/src/freeverb/freeverb.cpp
Examining data/cmt-1.16/src/grain.cpp
Examining data/cmt-1.16/src/hardgate.cpp
Examining data/cmt-1.16/src/init.cpp
Examining data/cmt-1.16/src/ladspa_types.h
Examining data/cmt-1.16/src/lofi.cpp
Examining data/cmt-1.16/src/logistic.cpp
Examining data/cmt-1.16/src/mixer.cpp
Examining data/cmt-1.16/src/noise.cpp
Examining data/cmt-1.16/src/null.cpp
Examining data/cmt-1.16/src/organ.cpp
Examining data/cmt-1.16/src/peak.cpp
Examining data/cmt-1.16/src/phasemod.cpp
Examining data/cmt-1.16/src/pink.cpp
Examining data/cmt-1.16/src/pink_full.cpp
Examining data/cmt-1.16/src/pink_sh.cpp
Examining data/cmt-1.16/src/pinknoise.h
Examining data/cmt-1.16/src/run_adding.h
Examining data/cmt-1.16/src/sine.cpp
Examining data/cmt-1.16/src/sledgehammer.cpp
Examining data/cmt-1.16/src/syndrum.cpp
Examining data/cmt-1.16/src/utils.h
Examining data/cmt-1.16/src/vcf303.cpp
Examining data/cmt-1.16/src/wshape_sine.cpp

FINAL RESULTS:

data/cmt-1.16/src/cmt.cpp:35:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(output, input);
data/cmt-1.16/src/delay.cpp:286:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(acLabel,
data/cmt-1.16/src/delay.cpp:291:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(acName,
data/cmt-1.16/src/ambisonic.cpp:398:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutW, pfInW, iSize);
data/cmt-1.16/src/ambisonic.cpp:399:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutX, pfInX, iSize);
data/cmt-1.16/src/ambisonic.cpp:400:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutY, pfInY, iSize);
data/cmt-1.16/src/ambisonic.cpp:401:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutZ, pfInZ, iSize);
data/cmt-1.16/src/ambisonic.cpp:575:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutW, pfInW, iSize);
data/cmt-1.16/src/ambisonic.cpp:576:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutZ, pfInZ, iSize);
data/cmt-1.16/src/ambisonic.cpp:625:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutW, pfInW, iSize);
data/cmt-1.16/src/ambisonic.cpp:626:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutZ, pfInZ, iSize);
data/cmt-1.16/src/ambisonic.cpp:627:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pfOutR, pfInR, iSize);
data/cmt-1.16/src/delay.cpp:246:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * apcDelayTypeNames[DELAY_TYPE_COUNT] = {
data/cmt-1.16/src/delay.cpp:250:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * apcDelayTypeLabels[DELAY_TYPE_COUNT] = {
data/cmt-1.16/src/delay.cpp:285:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char acLabel[100];
data/cmt-1.16/src/delay.cpp:290:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char acName[100];
data/cmt-1.16/src/grain.cpp:231:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(poGrainScatter->m_pfBuffer + poGrainScatter->m_lWritePointer,
data/cmt-1.16/src/grain.cpp:235:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(poGrainScatter->m_pfBuffer,
data/cmt-1.16/src/grain.cpp:243:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(poGrainScatter->m_pfBuffer + poGrainScatter->m_lWritePointer,
data/cmt-1.16/src/init.cpp:75:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(g_ppsRegisteredDescriptors,
data/cmt-1.16/src/null.cpp:115:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(poPlugin->m_ppfPorts[IDENTITY_OUTPUT],
data/cmt-1.16/src/cmt.cpp:34:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * output = new char[strlen(input) + 1];

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 9881 in approximately 0.27 seconds (36192 lines/second)
Physical Source Lines of Code (SLOC) = 6852
Hits@level = [0]   0 [1]   1 [2]  18 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  22 [1+]  22 [2+]  21 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 3.21074 [1+] 3.21074 [2+] 3.0648 [3+] 0.437828 [4+] 0.437828 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.