Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/codec2-0.9.2/misc/16_8_short.c
Examining data/codec2-0.9.2/misc/de.c
Examining data/codec2-0.9.2/misc/dvdongle2.c
Examining data/codec2-0.9.2/misc/extract.c
Examining data/codec2-0.9.2/misc/ge_train.c
Examining data/codec2-0.9.2/misc/generate_wideband_map.c
Examining data/codec2-0.9.2/misc/genlsp.c
Examining data/codec2-0.9.2/misc/mksine.c
Examining data/codec2-0.9.2/misc/pre.c
Examining data/codec2-0.9.2/misc/raw2h.c
Examining data/codec2-0.9.2/misc/sd.c
Examining data/codec2-0.9.2/misc/sd.h
Examining data/codec2-0.9.2/misc/speexnoisesup.c
Examining data/codec2-0.9.2/misc/t16_8.c
Examining data/codec2-0.9.2/misc/t16_8_short.c
Examining data/codec2-0.9.2/misc/t48_8.c
Examining data/codec2-0.9.2/misc/tc2wideband.c
Examining data/codec2-0.9.2/misc/tcodec2.c
Examining data/codec2-0.9.2/misc/tdct2.c
Examining data/codec2-0.9.2/misc/tdec.c
Examining data/codec2-0.9.2/misc/tinterp.c
Examining data/codec2-0.9.2/misc/tlininterp.c
Examining data/codec2-0.9.2/misc/tnlp.c
Examining data/codec2-0.9.2/misc/tprede.c
Examining data/codec2-0.9.2/misc/tquant.c
Examining data/codec2-0.9.2/misc/tsrc.c
Examining data/codec2-0.9.2/misc/vq_train_jvm.c
Examining data/codec2-0.9.2/misc/vqtrain.c
Examining data/codec2-0.9.2/src/H2064_516_sparse.h
Examining data/codec2-0.9.2/src/H2064_516_sparse_test.h
Examining data/codec2-0.9.2/src/HRA_112_112.c
Examining data/codec2-0.9.2/src/HRA_112_112.h
Examining data/codec2-0.9.2/src/HRA_112_112_test.h
Examining data/codec2-0.9.2/src/HRAb_396_504.c
Examining data/codec2-0.9.2/src/HRAb_396_504.h
Examining data/codec2-0.9.2/src/_kiss_fft_guts.h
Examining data/codec2-0.9.2/src/ampexp.h
Examining data/codec2-0.9.2/src/bpf.h
Examining data/codec2-0.9.2/src/bpfb.h
Examining data/codec2-0.9.2/src/c2dec.c
Examining data/codec2-0.9.2/src/c2demo.c
Examining data/codec2-0.9.2/src/c2enc.c
Examining data/codec2-0.9.2/src/c2file.h
Examining data/codec2-0.9.2/src/c2sim.c
Examining data/codec2-0.9.2/src/c2wideband.h
Examining data/codec2-0.9.2/src/c2wideband_map.h
Examining data/codec2-0.9.2/src/codebook.c
Examining data/codec2-0.9.2/src/codebookd.c
Examining data/codec2-0.9.2/src/codebookdt.c
Examining data/codec2-0.9.2/src/codebookge.c
Examining data/codec2-0.9.2/src/codebookjvm.c
Examining data/codec2-0.9.2/src/codebooknewamp1.c
Examining data/codec2-0.9.2/src/codebooknewamp1_energy.c
Examining data/codec2-0.9.2/src/codebookres.c
Examining data/codec2-0.9.2/src/codebookvq.c
Examining data/codec2-0.9.2/src/codec2.c
Examining data/codec2-0.9.2/src/codec2.h
Examining data/codec2-0.9.2/src/codec2_cohpsk.h
Examining data/codec2-0.9.2/src/codec2_fdmdv.h
Examining data/codec2-0.9.2/src/codec2_fft.c
Examining data/codec2-0.9.2/src/codec2_fft.h
Examining data/codec2-0.9.2/src/codec2_fifo.c
Examining data/codec2-0.9.2/src/codec2_fifo.h
Examining data/codec2-0.9.2/src/codec2_fm.h
Examining data/codec2-0.9.2/src/codec2_internal.h
Examining data/codec2-0.9.2/src/codec2_ofdm.h
Examining data/codec2-0.9.2/src/cohpsk.c
Examining data/codec2-0.9.2/src/cohpsk_ch.c
Examining data/codec2-0.9.2/src/cohpsk_defs.h
Examining data/codec2-0.9.2/src/cohpsk_demod.c
Examining data/codec2-0.9.2/src/cohpsk_get_test_bits.c
Examining data/codec2-0.9.2/src/cohpsk_internal.h
Examining data/codec2-0.9.2/src/cohpsk_mod.c
Examining data/codec2-0.9.2/src/cohpsk_put_test_bits.c
Examining data/codec2-0.9.2/src/comp.h
Examining data/codec2-0.9.2/src/comp_prim.h
Examining data/codec2-0.9.2/src/dct2.h
Examining data/codec2-0.9.2/src/debug_alloc.h
Examining data/codec2-0.9.2/src/defines.h
Examining data/codec2-0.9.2/src/drs232.c
Examining data/codec2-0.9.2/src/drs232_ldpc.c
Examining data/codec2-0.9.2/src/dump.c
Examining data/codec2-0.9.2/src/dump.h
Examining data/codec2-0.9.2/src/fdmdv.c
Examining data/codec2-0.9.2/src/fdmdv_channel.c
Examining data/codec2-0.9.2/src/fdmdv_demod.c
Examining data/codec2-0.9.2/src/fdmdv_get_test_bits.c
Examining data/codec2-0.9.2/src/fdmdv_internal.h
Examining data/codec2-0.9.2/src/fdmdv_mod.c
Examining data/codec2-0.9.2/src/fdmdv_put_test_bits.c
Examining data/codec2-0.9.2/src/filter.c
Examining data/codec2-0.9.2/src/filter.h
Examining data/codec2-0.9.2/src/filter_coef.h
Examining data/codec2-0.9.2/src/fm.c
Examining data/codec2-0.9.2/src/fm_demod.c
Examining data/codec2-0.9.2/src/fm_fir_coeff.h
Examining data/codec2-0.9.2/src/fmfsk.c
Examining data/codec2-0.9.2/src/fmfsk.h
Examining data/codec2-0.9.2/src/fmfsk_demod.c
Examining data/codec2-0.9.2/src/fmfsk_mod.c
Examining data/codec2-0.9.2/src/freedv_api.c
Examining data/codec2-0.9.2/src/freedv_api.h
Examining data/codec2-0.9.2/src/freedv_api_internal.h
Examining data/codec2-0.9.2/src/freedv_data_channel.c
Examining data/codec2-0.9.2/src/freedv_data_channel.h
Examining data/codec2-0.9.2/src/freedv_rx.c
Examining data/codec2-0.9.2/src/freedv_tx.c
Examining data/codec2-0.9.2/src/freedv_vhf_framing.c
Examining data/codec2-0.9.2/src/freedv_vhf_framing.h
Examining data/codec2-0.9.2/src/fsk.c
Examining data/codec2-0.9.2/src/fsk_demod.c
Examining data/codec2-0.9.2/src/fsk_get_test_bits.c
Examining data/codec2-0.9.2/src/fsk_mod.c
Examining data/codec2-0.9.2/src/fsk_mod_ext_vco.c
Examining data/codec2-0.9.2/src/fsk_put_test_bits.c
Examining data/codec2-0.9.2/src/generate_codebook.c
Examining data/codec2-0.9.2/src/golay23.c
Examining data/codec2-0.9.2/src/golay23.h
Examining data/codec2-0.9.2/src/golaydectable.h
Examining data/codec2-0.9.2/src/golayenctable.h
Examining data/codec2-0.9.2/src/gp_interleaver.c
Examining data/codec2-0.9.2/src/gp_interleaver.h
Examining data/codec2-0.9.2/src/hanning.h
Examining data/codec2-0.9.2/src/horus_api.c
Examining data/codec2-0.9.2/src/horus_api.h
Examining data/codec2-0.9.2/src/horus_demod.c
Examining data/codec2-0.9.2/src/horus_l2.c
Examining data/codec2-0.9.2/src/horus_l2.h
Examining data/codec2-0.9.2/src/ht_coeff.h
Examining data/codec2-0.9.2/src/insert_errors.c
Examining data/codec2-0.9.2/src/interldpc.c
Examining data/codec2-0.9.2/src/interldpc.h
Examining data/codec2-0.9.2/src/interp.c
Examining data/codec2-0.9.2/src/interp.h
Examining data/codec2-0.9.2/src/kiss_fft.c
Examining data/codec2-0.9.2/src/kiss_fft.h
Examining data/codec2-0.9.2/src/kiss_fftr.c
Examining data/codec2-0.9.2/src/kiss_fftr.h
Examining data/codec2-0.9.2/src/ldpc_dec.c
Examining data/codec2-0.9.2/src/ldpc_dec_test.c
Examining data/codec2-0.9.2/src/ldpc_enc.c
Examining data/codec2-0.9.2/src/ldpc_enc_test.c
Examining data/codec2-0.9.2/src/ldpc_noise.c
Examining data/codec2-0.9.2/src/linreg.c
Examining data/codec2-0.9.2/src/linreg.h
Examining data/codec2-0.9.2/src/lpc.c
Examining data/codec2-0.9.2/src/lpc.h
Examining data/codec2-0.9.2/src/lsp.c
Examining data/codec2-0.9.2/src/lsp.h
Examining data/codec2-0.9.2/src/machdep.h
Examining data/codec2-0.9.2/src/mbest.c
Examining data/codec2-0.9.2/src/mbest.h
Examining data/codec2-0.9.2/src/modem_probe.c
Examining data/codec2-0.9.2/src/modem_probe.h
Examining data/codec2-0.9.2/src/modem_stats.c
Examining data/codec2-0.9.2/src/modem_stats.h
Examining data/codec2-0.9.2/src/mpdecode_core.c
Examining data/codec2-0.9.2/src/mpdecode_core.h
Examining data/codec2-0.9.2/src/mpdecode_core_test.c
Examining data/codec2-0.9.2/src/mpdecode_core_test.h
Examining data/codec2-0.9.2/src/newamp1.c
Examining data/codec2-0.9.2/src/newamp1.h
Examining data/codec2-0.9.2/src/newamp2.c
Examining data/codec2-0.9.2/src/newamp2.h
Examining data/codec2-0.9.2/src/nlp.c
Examining data/codec2-0.9.2/src/nlp.h
Examining data/codec2-0.9.2/src/noise_samples.h
Examining data/codec2-0.9.2/src/octave.c
Examining data/codec2-0.9.2/src/octave.h
Examining data/codec2-0.9.2/src/ofdm.c
Examining data/codec2-0.9.2/src/ofdm_demod.c
Examining data/codec2-0.9.2/src/ofdm_gen_test_bits.c
Examining data/codec2-0.9.2/src/ofdm_get_test_bits.c
Examining data/codec2-0.9.2/src/ofdm_internal.h
Examining data/codec2-0.9.2/src/ofdm_mod.c
Examining data/codec2-0.9.2/src/ofdm_put_test_bits.c
Examining data/codec2-0.9.2/src/optparse.h
Examining data/codec2-0.9.2/src/os.h
Examining data/codec2-0.9.2/src/pack.c
Examining data/codec2-0.9.2/src/phase.c
Examining data/codec2-0.9.2/src/phase.h
Examining data/codec2-0.9.2/src/phaseexp.h
Examining data/codec2-0.9.2/src/phi0.c
Examining data/codec2-0.9.2/src/phi0.h
Examining data/codec2-0.9.2/src/pilot_coeff.h
Examining data/codec2-0.9.2/src/pilots_coh.h
Examining data/codec2-0.9.2/src/postfilter.c
Examining data/codec2-0.9.2/src/postfilter.h
Examining data/codec2-0.9.2/src/quantise.c
Examining data/codec2-0.9.2/src/quantise.h
Examining data/codec2-0.9.2/src/resample.c
Examining data/codec2-0.9.2/src/rn.h
Examining data/codec2-0.9.2/src/rn_coh.h
Examining data/codec2-0.9.2/src/rxdec_coeff.h
Examining data/codec2-0.9.2/src/sine.c
Examining data/codec2-0.9.2/src/sine.h
Examining data/codec2-0.9.2/src/ssbfilt_coeff.h
Examining data/codec2-0.9.2/src/tdma.c
Examining data/codec2-0.9.2/src/tdma.h
Examining data/codec2-0.9.2/src/test_bits.h
Examining data/codec2-0.9.2/src/test_bits_coh.h
Examining data/codec2-0.9.2/src/test_bits_ofdm.h
Examining data/codec2-0.9.2/src/varicode.c
Examining data/codec2-0.9.2/src/varicode.h
Examining data/codec2-0.9.2/src/varicode_table.h
Examining data/codec2-0.9.2/src/vhf_deframe_c2.c
Examining data/codec2-0.9.2/src/vhf_frame_c2.c
Examining data/codec2-0.9.2/src/wval.h
Examining data/codec2-0.9.2/src/fsk.h
Examining data/codec2-0.9.2/stm32/inc/debugblinky.h
Examining data/codec2-0.9.2/stm32/inc/gdb_stdio.h
Examining data/codec2-0.9.2/stm32/inc/iir_duc.h
Examining data/codec2-0.9.2/stm32/inc/iir_tuner.h
Examining data/codec2-0.9.2/stm32/inc/memtools.h
Examining data/codec2-0.9.2/stm32/inc/menu.h
Examining data/codec2-0.9.2/stm32/inc/morse.h
Examining data/codec2-0.9.2/stm32/inc/new_i2c.h
Examining data/codec2-0.9.2/stm32/inc/sfx.h
Examining data/codec2-0.9.2/stm32/inc/si53xx.h
Examining data/codec2-0.9.2/stm32/inc/sine.h
Examining data/codec2-0.9.2/stm32/inc/sm1000_leds_switches.h
Examining data/codec2-0.9.2/stm32/inc/sounds.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_adc.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_adc_tuner.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_dac.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_dacduc.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_usart.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_usb_vcp.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4_vrom.h
Examining data/codec2-0.9.2/stm32/inc/stm32f4xx_conf.h
Examining data/codec2-0.9.2/stm32/inc/tm_stm32f4_gpio.h
Examining data/codec2-0.9.2/stm32/inc/tm_stm32f4_mco_output.h
Examining data/codec2-0.9.2/stm32/inc/tone.h
Examining data/codec2-0.9.2/stm32/inc/tot.h
Examining data/codec2-0.9.2/stm32/src/adc_rec.c
Examining data/codec2-0.9.2/stm32/src/adc_rec_usb.c
Examining data/codec2-0.9.2/stm32/src/adc_sd.c
Examining data/codec2-0.9.2/stm32/src/adc_sfdr_ut.c
Examining data/codec2-0.9.2/stm32/src/adcdac_ut.c
Examining data/codec2-0.9.2/stm32/src/codec2_profile.c
Examining data/codec2-0.9.2/stm32/src/dac_it.c
Examining data/codec2-0.9.2/stm32/src/dac_play.c
Examining data/codec2-0.9.2/stm32/src/dac_ut.c
Examining data/codec2-0.9.2/stm32/src/dac_ut_fast.c
Examining data/codec2-0.9.2/stm32/src/debugblinky.c
Examining data/codec2-0.9.2/stm32/src/fast_dac_ut.c
Examining data/codec2-0.9.2/stm32/src/fdmdv_dump_rt.c
Examining data/codec2-0.9.2/stm32/src/fdmdv_profile.c
Examining data/codec2-0.9.2/stm32/src/fft_test.c
Examining data/codec2-0.9.2/stm32/src/freedv_rx_profile.c
Examining data/codec2-0.9.2/stm32/src/freedv_tx_profile.c
Examining data/codec2-0.9.2/stm32/src/gdb_stdio.c
Examining data/codec2-0.9.2/stm32/src/iir_duc.c
Examining data/codec2-0.9.2/stm32/src/iir_tuner.c
Examining data/codec2-0.9.2/stm32/src/init.c
Examining data/codec2-0.9.2/stm32/src/mco_ut.c
Examining data/codec2-0.9.2/stm32/src/memtools.c
Examining data/codec2-0.9.2/stm32/src/menu.c
Examining data/codec2-0.9.2/stm32/src/morse.c
Examining data/codec2-0.9.2/stm32/src/new_i2c.c
Examining data/codec2-0.9.2/stm32/src/power_ut.c
Examining data/codec2-0.9.2/stm32/src/sfx.c
Examining data/codec2-0.9.2/stm32/src/si5351_ut.c
Examining data/codec2-0.9.2/stm32/src/si53xx.c
Examining data/codec2-0.9.2/stm32/src/sine.c
Examining data/codec2-0.9.2/stm32/src/sm1000_leds_switches.c
Examining data/codec2-0.9.2/stm32/src/sm1000_leds_switches_ut.c
Examining data/codec2-0.9.2/stm32/src/sm1000_main.c
Examining data/codec2-0.9.2/stm32/src/sounds.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_adc.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_adc_tuner.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_dac.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_dacduc.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_dacloduc.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_machdep.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_pwm.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_usart.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_usb_vcp.c
Examining data/codec2-0.9.2/stm32/src/stm32f4_vrom.c
Examining data/codec2-0.9.2/stm32/src/system_stm32f4xx.c
Examining data/codec2-0.9.2/stm32/src/timer_ut.c
Examining data/codec2-0.9.2/stm32/src/tm_stm32f4_gpio.c
Examining data/codec2-0.9.2/stm32/src/tm_stm32f4_mco_output.c
Examining data/codec2-0.9.2/stm32/src/tone.c
Examining data/codec2-0.9.2/stm32/src/tot.c
Examining data/codec2-0.9.2/stm32/src/tuner_ut.c
Examining data/codec2-0.9.2/stm32/src/usart_ut.c
Examining data/codec2-0.9.2/stm32/src/usb_vcp_ut.c
Examining data/codec2-0.9.2/stm32/src/usb_vsp_ut.c
Examining data/codec2-0.9.2/stm32/stlink/elfsym.c
Examining data/codec2-0.9.2/stm32/stlink/elfsym.h
Examining data/codec2-0.9.2/stm32/unittest/src/init.c
Examining data/codec2-0.9.2/stm32/unittest/src/semihosting.c
Examining data/codec2-0.9.2/stm32/unittest/src/semihosting.h
Examining data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_api_demod_700d_profile.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_api_mod_700d_profile.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_api_tx.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_codec2_fft_init.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c
Examining data/codec2-0.9.2/stm32/unittest/src/tst_semihost.c
Examining data/codec2-0.9.2/stm32/usb_conf/usb_bsp.c
Examining data/codec2-0.9.2/stm32/usb_conf/usb_bsp.h
Examining data/codec2-0.9.2/stm32/usb_conf/usb_conf.h
Examining data/codec2-0.9.2/stm32/usb_conf/usbd_conf.h
Examining data/codec2-0.9.2/stm32/usb_conf/usbd_desc.c
Examining data/codec2-0.9.2/stm32/usb_conf/usbd_desc.h
Examining data/codec2-0.9.2/stm32/usb_conf/usbd_usr.c
Examining data/codec2-0.9.2/stm32/usb_lib/cdc/usbd_cdc_core.c
Examining data/codec2-0.9.2/stm32/usb_lib/cdc/usbd_cdc_core.h
Examining data/codec2-0.9.2/stm32/usb_lib/cdc/usbd_cdc_vcp.c
Examining data/codec2-0.9.2/stm32/usb_lib/cdc/usbd_cdc_vcp.h
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_core.c
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_core.h
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_def.h
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_ioreq.c
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_ioreq.h
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_req.c
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_req.h
Examining data/codec2-0.9.2/stm32/usb_lib/core/usbd_usr.h
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_core.c
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_core.h
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_dcd.c
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_dcd.h
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_dcd_int.c
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_dcd_int.h
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_defines.h
Examining data/codec2-0.9.2/stm32/usb_lib/otg/usb_regs.h
Examining data/codec2-0.9.2/unittest/compare_floats.c
Examining data/codec2-0.9.2/unittest/compare_ints.c
Examining data/codec2-0.9.2/unittest/fdmdv_mem.c
Examining data/codec2-0.9.2/unittest/function_trace.c
Examining data/codec2-0.9.2/unittest/hts1a.h
Examining data/codec2-0.9.2/unittest/hts1a_1300.h
Examining data/codec2-0.9.2/unittest/ofdm_mem.c
Examining data/codec2-0.9.2/unittest/ofdm_stack.c
Examining data/codec2-0.9.2/unittest/sd.c
Examining data/codec2-0.9.2/unittest/sd.h
Examining data/codec2-0.9.2/unittest/t_helpers.c
Examining data/codec2-0.9.2/unittest/t_helpers.h
Examining data/codec2-0.9.2/unittest/tcohpsk.c
Examining data/codec2-0.9.2/unittest/tcontphase.c
Examining data/codec2-0.9.2/unittest/tdeframer.c
Examining data/codec2-0.9.2/unittest/test_phi0.c
Examining data/codec2-0.9.2/unittest/tfdmdv.c
Examining data/codec2-0.9.2/unittest/tfifo.c
Examining data/codec2-0.9.2/unittest/tfmfsk.c
Examining data/codec2-0.9.2/unittest/tfreedv_data_channel.c
Examining data/codec2-0.9.2/unittest/tfsk.c
Examining data/codec2-0.9.2/unittest/tnewamp1.c
Examining data/codec2-0.9.2/unittest/tnlp.c
Examining data/codec2-0.9.2/unittest/tofdm.c
Examining data/codec2-0.9.2/unittest/tprede.c
Examining data/codec2-0.9.2/unittest/tst_codec2_fft_init.c
Examining data/codec2-0.9.2/lpcnet/src/4stage_direct_split_vq.c
Examining data/codec2-0.9.2/lpcnet/src/4stage_pred_vq.c
Examining data/codec2-0.9.2/lpcnet/src/_kiss_fft_guts.h
Examining data/codec2-0.9.2/lpcnet/src/arch.h
Examining data/codec2-0.9.2/lpcnet/src/celt_lpc.c
Examining data/codec2-0.9.2/lpcnet/src/celt_lpc.h
Examining data/codec2-0.9.2/lpcnet/src/codec2_kiss_fft.h
Examining data/codec2-0.9.2/lpcnet/src/codec2_pitch.c
Examining data/codec2-0.9.2/lpcnet/src/codec2_pitch.h
Examining data/codec2-0.9.2/lpcnet/src/common.h
Examining data/codec2-0.9.2/lpcnet/src/diff32.c
Examining data/codec2-0.9.2/lpcnet/src/dump_data.c
Examining data/codec2-0.9.2/lpcnet/src/freq.c
Examining data/codec2-0.9.2/lpcnet/src/freq.h
Examining data/codec2-0.9.2/lpcnet/src/idct.c
Examining data/codec2-0.9.2/lpcnet/src/kiss_fft.c
Examining data/codec2-0.9.2/lpcnet/src/kiss_fft.h
Examining data/codec2-0.9.2/lpcnet/src/lpcnet.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet.h
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_dump.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_dump.h
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_freedv.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_freedv.h
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_freedv_internal.h
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_quant.c
Examining data/codec2-0.9.2/lpcnet/src/lpcnet_quant.h
Examining data/codec2-0.9.2/lpcnet/src/mbest.c
Examining data/codec2-0.9.2/lpcnet/src/mbest.h
Examining data/codec2-0.9.2/lpcnet/src/nnet.c
Examining data/codec2-0.9.2/lpcnet/src/nnet.h
Examining data/codec2-0.9.2/lpcnet/src/nnet2f32.c
Examining data/codec2-0.9.2/lpcnet/src/nnet_rw.c
Examining data/codec2-0.9.2/lpcnet/src/nnet_rw.h
Examining data/codec2-0.9.2/lpcnet/src/opus_types.h
Examining data/codec2-0.9.2/lpcnet/src/pitch.c
Examining data/codec2-0.9.2/lpcnet/src/pitch.h
Examining data/codec2-0.9.2/lpcnet/src/quant2c.c
Examining data/codec2-0.9.2/lpcnet/src/quant_dec.c
Examining data/codec2-0.9.2/lpcnet/src/quant_enc.c
Examining data/codec2-0.9.2/lpcnet/src/quant_feat.c
Examining data/codec2-0.9.2/lpcnet/src/quant_test.c
Examining data/codec2-0.9.2/lpcnet/src/ramp.c
Examining data/codec2-0.9.2/lpcnet/src/tansig_table.h
Examining data/codec2-0.9.2/lpcnet/src/tcodec2_pitch.c
Examining data/codec2-0.9.2/lpcnet/src/tdump.c
Examining data/codec2-0.9.2/lpcnet/src/test_lpcnet.c
Examining data/codec2-0.9.2/lpcnet/src/test_vec.c
Examining data/codec2-0.9.2/lpcnet/src/vec.h
Examining data/codec2-0.9.2/lpcnet/src/vec_avx.h
Examining data/codec2-0.9.2/lpcnet/src/vec_neon.h
Examining data/codec2-0.9.2/lpcnet/src/weight.c
Examining data/codec2-0.9.2/lpcnet191005/nnet_data.c
Examining data/codec2-0.9.2/lpcnet191005/nnet_data.h
FINAL RESULTS:
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:83:9: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(buf, tmp, sizeof(buf)-1);
data/codec2-0.9.2/lpcnet/src/nnet2f32.c:27:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int ret = sprintf(cmd, "set -x; diff %s copy.f32; if [ $? -eq 0 ]; then { echo PASS; exit 0; } else { echo FAIL; exit 1; } fi", argv[1]);
data/codec2-0.9.2/lpcnet/src/nnet2f32.c:28:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/codec2-0.9.2/lpcnet/src/quant2c.c:36:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnames, argv[1]);
data/codec2-0.9.2/lpcnet/src/quant2c.c:41:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, p);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:133:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(label, optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:149:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnames, optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:154:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, p);
data/codec2-0.9.2/lpcnet/src/quant_test.c:79:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(label, optarg);
data/codec2-0.9.2/misc/generate_wideband_map.c:135:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/misc/generate_wideband_map.c:136:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, format);
data/codec2-0.9.2/misc/generate_wideband_map.c:152:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(header);
data/codec2-0.9.2/misc/vq_train_jvm.c:453:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s1.txt", argv[4]);
data/codec2-0.9.2/misc/vq_train_jvm.c:464:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s2.txt", argv[4]);
data/codec2-0.9.2/misc/vq_train_jvm.c:475:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s3.txt", argv[4]);
data/codec2-0.9.2/src/c2sim.c:265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(phaseexp_arg, optarg);
data/codec2-0.9.2/src/c2sim.c:267:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ampexp_arg, optarg);
data/codec2-0.9.2/src/c2sim.c:278:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_name, "%s_am.out", optarg);
data/codec2-0.9.2/src/c2sim.c:285:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_name, "%s_hm.out", optarg);
data/codec2-0.9.2/src/c2sim.c:292:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_name, "%s_Wo.out", optarg);
data/codec2-0.9.2/src/c2sim.c:375:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_file,optarg);
data/codec2-0.9.2/src/cohpsk_ch.c:191:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/%s", raw_dir, SLOW_FADING_FILE_NAME);
data/codec2-0.9.2/src/cohpsk_ch.c:205:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/%s", raw_dir, FAST_FADING_FILE_NAME);
data/codec2-0.9.2/src/cohpsk_ch.c:212:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/%s", raw_dir, FASTER_FADING_FILE_NAME);
data/codec2-0.9.2/src/dump.c:37:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf gdb_stdio_fprintf
data/codec2-0.9.2/src/dump.c:79:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, p);
data/codec2-0.9.2/src/dump.c:150:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_sn.txt", prefix);
data/codec2-0.9.2/src/dump.c:173:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_sw.txt", prefix);
data/codec2-0.9.2/src/dump.c:191:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_sw_.txt", prefix);
data/codec2-0.9.2/src/dump.c:209:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_ew.txt", prefix);
data/codec2-0.9.2/src/dump.c:228:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_softdec.txt", prefix);
data/codec2-0.9.2/src/dump.c:246:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_model.txt", prefix);
data/codec2-0.9.2/src/dump.c:254:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/codec2-0.9.2/src/dump.c:259:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line,s);
data/codec2-0.9.2/src/dump.c:264:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line,s);
data/codec2-0.9.2/src/dump.c:276:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_qmodel.txt", prefix);
data/codec2-0.9.2/src/dump.c:284:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/codec2-0.9.2/src/dump.c:289:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/codec2-0.9.2/src/dump.c:294:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/codec2-0.9.2/src/dump.c:305:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_phase.txt", prefix);
data/codec2-0.9.2/src/dump.c:324:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_phase_.txt", prefix);
data/codec2-0.9.2/src/dump.c:344:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_hephase.txt", prefix);
data/codec2-0.9.2/src/dump.c:361:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_snr.txt", prefix);
data/codec2-0.9.2/src/dump.c:375:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_lpc_snr.txt", prefix);
data/codec2-0.9.2/src/dump.c:392:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_pwb.txt", prefix);
data/codec2-0.9.2/src/dump.c:409:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_pw.txt", prefix);
data/codec2-0.9.2/src/dump.c:426:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_rw.txt", prefix);
data/codec2-0.9.2/src/dump.c:443:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_weights.txt", prefix);
data/codec2-0.9.2/src/dump.c:460:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_lsp.txt", prefix);
data/codec2-0.9.2/src/dump.c:477:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_lsp_.txt", prefix);
data/codec2-0.9.2/src/dump.c:494:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_mel.txt", prefix);
data/codec2-0.9.2/src/dump.c:511:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_mel_indexes.txt", prefix);
data/codec2-0.9.2/src/dump.c:528:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_ak.txt", prefix);
data/codec2-0.9.2/src/dump.c:545:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_ak_.txt", prefix);
data/codec2-0.9.2/src/dump.c:562:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_fw.txt", prefix);
data/codec2-0.9.2/src/dump.c:579:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_e.txt", prefix);
data/codec2-0.9.2/src/dump.c:599:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_sq.txt", prefix);
data/codec2-0.9.2/src/dump.c:619:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_dec.txt", prefix);
data/codec2-0.9.2/src/dump.c:635:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_bg.txt", prefix);
data/codec2-0.9.2/src/dump.c:649:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_E.txt", prefix);
data/codec2-0.9.2/src/dump.c:665:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s_rk.txt", prefix);
data/codec2-0.9.2/src/generate_codebook.c:150:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/src/generate_codebook.c:151:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, format);
data/codec2-0.9.2/src/generate_codebook.c:168:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(header);
data/codec2-0.9.2/src/golay23.c:213:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(enc, x < 4095 ? " 0x%x,\n" : " 0x%x\n", encoding_table[x]);
data/codec2-0.9.2/src/golay23.c:221:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(dec, x < 2047 ? " 0x%x,\n" : " 0x%x\n", decoding_table[x]);
data/codec2-0.9.2/src/horus_api.c:334:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(hex_out, hex);
data/codec2-0.9.2/src/horus_l2.c:659:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf("mask: 0x%x tx[%d] = 0x%x ", mask, i, tx[i]);
data/codec2-0.9.2/src/horus_l2.c:663:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf("0x%x\n", tx[i]);
data/codec2-0.9.2/src/horus_l2.c:689:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf("mask: 0x%x tx[%d] = 0x%x ", mask, i, tx[i]);
data/codec2-0.9.2/src/horus_l2.c:693:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf("0x%x\n", tx[i]);
data/codec2-0.9.2/src/modem_probe.c:66:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(run,runname);
data/codec2-0.9.2/src/modem_probe.c:67:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mod,modname);
data/codec2-0.9.2/src/modem_probe.c:156:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(npti->name,tracename);
data/codec2-0.9.2/src/octave.c:67:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = vsnprintf(&buffer[*buf_idx_ptr], max_buf - *buf_idx_ptr, pFormat, ap);
data/codec2-0.9.2/src/tdma.c:522:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,underline);
data/codec2-0.9.2/stm32/inc/gdb_stdio.h:41:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/codec2_profile.c:42:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/fdmdv_dump_rt.c:53:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/fdmdv_dump_rt.c:54:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf gdb_stdio_fprintf
data/codec2-0.9.2/stm32/src/fdmdv_profile.c:43:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:44:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:49:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf gdb_stdio_fprintf
data/codec2-0.9.2/stm32/src/freedv_tx_profile.c:40:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/gdb_stdio.c:62:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, MAX_STR, format, arg);
data/codec2-0.9.2/stm32/src/gdb_stdio.c:77:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, MAX_STR, format, arg);
data/codec2-0.9.2/stm32/src/power_ut.c:45:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:37:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf gdb_stdio_printf
data/codec2-0.9.2/stm32/src/stm32f4_usart.c:67:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s, MAX_FMT_SIZE, fmt, ap);
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:155:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
memtools_find_unused(printf);
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:236:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
memtools_find_unused(printf);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:129:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
memtools_find_unused(printf);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:219:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
memtools_find_unused(printf);
data/codec2-0.9.2/unittest/compare_floats.c:29:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/unittest/compare_floats.c:35:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/unittest/compare_ints.c:88:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/unittest/compare_ints.c:94:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/codec2-0.9.2/lpcnet/src/diff32.c:25:6: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"sc",long_opts,&opt_idx);
data/codec2-0.9.2/lpcnet/src/dump_data.c:290:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"chn:rtz:i",long_opts,&opt_idx);
data/codec2-0.9.2/lpcnet/src/idct.c:46:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "t:sm", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:88:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "b:d:n:o:p:svi:u:r:", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:81:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "d:n:o:p:svi:u:", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/quant_dec.c:54:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "d:n:o:p:v", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/quant_enc.c:49:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "d:n:o:p:v", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/quant_feat.c:93:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "ad:q:vs:f:p:e:u:l:m:h:wg:o:ix:", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/quant_test.c:67:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "d:l:o:p:s:v", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/test_lpcnet.c:53:6: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"ihn:l:",long_opts,&opt_idx);
data/codec2-0.9.2/misc/extract.c:37:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "s:e:t:g:p:d:", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/misc/tdec.c:64:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "cdef")) != -1) {
data/codec2-0.9.2/misc/tlininterp.c:69:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "cdf")) != -1) {
data/codec2-0.9.2/misc/tsrc.c:62:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "lc")) != -1) {
data/codec2-0.9.2/misc/vqtrain.c:99:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"hr:s:",long_opts,&opt_idx);
data/codec2-0.9.2/src/c2dec.c:186:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int opt = getopt_long(argc, argv, opt_string,
data/codec2-0.9.2/src/c2sim.c:180:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int opt = getopt_long(argc, argv, opt_string,
data/codec2-0.9.2/src/cohpsk_demod.c:92:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"ho:nsv",long_opts,&opt_idx);
data/codec2-0.9.2/src/fsk_demod.c:106:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"fhlp:cdt::sb:u:",long_opts,&opt_idx);
data/codec2-0.9.2/src/fsk_demod.c:236:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(158324);
data/codec2-0.9.2/src/fsk_get_test_bits.c:72:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(158324);
data/codec2-0.9.2/src/fsk_get_test_bits.c:78:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(158324);
data/codec2-0.9.2/src/fsk_put_test_bits.c:63:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(158324);
data/codec2-0.9.2/src/horus_demod.c:71:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
o = getopt_long(argc,argv,"hvcm:t::",long_opts,&opt_idx);
data/codec2-0.9.2/unittest/compare_floats.c:23:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "t:")) != -1) {
data/codec2-0.9.2/unittest/compare_ints.c:70:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "b:cst:n:")) != -1) {
data/codec2-0.9.2/unittest/ofdm_stack.c:74:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "df:p")) != -1) {
data/codec2-0.9.2/unittest/tdeframer.c:71:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1);
data/codec2-0.9.2/unittest/tfmfsk.c:108:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1);
data/codec2-0.9.2/unittest/tfsk.c:123:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1);
data/codec2-0.9.2/unittest/tofdm.c:169:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "n:l", long_options, &opt_index)) != -1) {
data/codec2-0.9.2/lpcnet/src/common.h:78:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define RNN_COPY(dst, src, n) (memcpy((dst), (src), (n)*sizeof(*(dst)) + 0*((dst)-(src)) ))
data/codec2-0.9.2/lpcnet/src/diff32.c:29:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stride = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/diff32.c:47:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file1 = fopen(argv[dx], "rb");
data/codec2-0.9.2/lpcnet/src/diff32.c:53:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file2 = fopen(argv[dx+1], "rb");
data/codec2-0.9.2/lpcnet/src/dump_data.c:159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, Ly, sizeof(float)*NB_BANDS);
data/codec2-0.9.2/lpcnet/src/dump_data.c:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[4*FRAME_SIZE];
data/codec2-0.9.2/lpcnet/src/dump_data.c:315:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fuzz = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/dump_data.c:349:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(argv[dx], "rb");
data/codec2-0.9.2/lpcnet/src/dump_data.c:358:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffeat = fopen(argv[dx+1], "wb");
data/codec2-0.9.2/lpcnet/src/dump_data.c:365:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpcm = fopen(argv[dx+2], "wb");
data/codec2-0.9.2/lpcnet/src/idct.c:55:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stride = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lpcnet->old_input[0], in, FRAME_INPUT_SIZE*sizeof(in[0]));
data/codec2-0.9.2/lpcnet/src/lpcnet.c:131:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpcnet->ftest = fopen(file_name, "wb");
data/codec2-0.9.2/lpcnet/src/lpcnet.c:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lpc, lpcnet->old_lpc[FEATURES_DELAY-1], LPC_ORDER*sizeof(lpc[0]));
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:91:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(optarg, "rb")) == NULL) {
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:97:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(optarg, "wb")) == NULL) {
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:107:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:111:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_stages = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:115:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_dec.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[q->bits_per_frame];
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:84:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(optarg, "rb")) == NULL) {
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:90:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(optarg, "wb")) == NULL) {
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:96:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:100:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_stages = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:104:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/lpcnet_enc.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[lpcnet_bits_per_frame(lf)];
data/codec2-0.9.2/lpcnet/src/lpcnet_quant.c:179:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80]; sprintf(str,"Stage %d:", s+1);
data/codec2-0.9.2/lpcnet/src/lpcnet_quant.c:179:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
char str[80]; sprintf(str,"Stage %d:", s+1);
data/codec2-0.9.2/lpcnet/src/nnet2f32.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/codec2-0.9.2/lpcnet/src/nnet_rw.c:220:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f32 = fopen(fn, "wb");
data/codec2-0.9.2/lpcnet/src/nnet_rw.c:244:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f32 = fopen(fn, "rb"); assert(f32 != NULL);
data/codec2-0.9.2/lpcnet/src/nnet_rw.c:265:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f32 = fopen(fn, "rb"); assert(f32 != NULL);
data/codec2-0.9.2/lpcnet/src/quant2c.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnames[256];
data/codec2-0.9.2/lpcnet/src/quant2c.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/codec2-0.9.2/lpcnet/src/quant2c.c:49:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fq=fopen(fn, "rb");
data/codec2-0.9.2/lpcnet/src/quant_dec.c:57:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_dec.c:61:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_stages = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_dec.c:65:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_dec.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[q->bits_per_frame];
data/codec2-0.9.2/lpcnet/src/quant_enc.c:52:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_enc.c:56:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_stages = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_enc.c:60:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_enc.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[q->bits_per_frame];
data/codec2-0.9.2/lpcnet/src/quant_feat.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnames[256];
data/codec2-0.9.2/lpcnet/src/quant_feat.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[256];
data/codec2-0.9.2/lpcnet/src/quant_feat.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80] = "";
data/codec2-0.9.2/lpcnet/src/quant_feat.c:101:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
first = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:107:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpcnet_fsv = fopen(optarg, "wt"); assert(lpcnet_fsv != NULL);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:110:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:115:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpitch = fopen(optarg, "rt"); assert(fpitch != NULL);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:136:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mbest_survivors = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:140:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_feat.c:162:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fq=fopen(fn, "rb");
data/codec2-0.9.2/lpcnet/src/quant_test.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80] = "";
data/codec2-0.9.2/lpcnet/src/quant_test.c:71:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpcnet_fsv = fopen(optarg, "wt"); assert(lpcnet_fsv != NULL);
data/codec2-0.9.2/lpcnet/src/quant_test.c:74:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_test.c:82:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pitch_bits = atoi(optarg);
data/codec2-0.9.2/lpcnet/src/quant_test.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[bits_per_frame];
data/codec2-0.9.2/lpcnet/src/ramp.c:13:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fout = fopen("ramp.f32", "wb"); assert(fout != NULL);
data/codec2-0.9.2/lpcnet/src/tcodec2_pitch.c:42:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(argv[1],"rb")) == NULL) {
data/codec2-0.9.2/lpcnet/src/tcodec2_pitch.c:49:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(argv[2],"wt")) == NULL) {
data/codec2-0.9.2/lpcnet/src/tdump.c:54:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(argv[1], "rb");
data/codec2-0.9.2/lpcnet/src/tdump.c:63:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffeat = fopen(argv[2], "wb");
data/codec2-0.9.2/lpcnet/src/test_lpcnet.c:83:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[dx], "rb");
data/codec2-0.9.2/lpcnet/src/test_lpcnet.c:92:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[dx+1], "wb");
data/codec2-0.9.2/misc/16_8_short.c:30:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f16 = fopen(argv[1], "rb");
data/codec2-0.9.2/misc/16_8_short.c:32:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f8 = fopen(argv[2], "wb");
data/codec2-0.9.2/misc/de.c:33:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/misc/de.c:40:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/misc/dvdongle2.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[MAX_STR];
data/codec2-0.9.2/misc/dvdongle2.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_data[MAX_MSG_LEN];
data/codec2-0.9.2/misc/dvdongle2.c:251:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/tmp/log.txt", "wt");
data/codec2-0.9.2/misc/dvdongle2.c:256:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/ttyUSB0", O_RDWR | O_NOCTTY | O_NDELAY);
data/codec2-0.9.2/misc/dvdongle2.c:268:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1],"rb");
data/codec2-0.9.2/misc/dvdongle2.c:273:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[2],"wb");
data/codec2-0.9.2/misc/extract.c:40:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
st = atoi(optarg);
data/codec2-0.9.2/misc/extract.c:43:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
en = atoi(optarg);
data/codec2-0.9.2/misc/extract.c:46:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stride = atoi(optarg);
data/codec2-0.9.2/misc/extract.c:55:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame_delay = atoi(optarg);
data/codec2-0.9.2/misc/extract.c:68:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[optind],"rb"); assert(fin != NULL);
data/codec2-0.9.2/misc/extract.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[optind+1],"wb"); assert(fout != NULL);
data/codec2-0.9.2/misc/ge_train.c:224:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ndim = atoi(argv[1]);
data/codec2-0.9.2/misc/ge_train.c:225:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_vectors = atoi(argv[2]);
data/codec2-0.9.2/misc/ge_train.c:226:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_entries = 1<<atoi(argv[3]);
data/codec2-0.9.2/misc/generate_wideband_map.c:110:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
load(FILE * file, const char * name, float b[Nt][K])
data/codec2-0.9.2/misc/generate_wideband_map.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/codec2-0.9.2/misc/generate_wideband_map.c:141:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in = fopen(argv[i + 2], "r");
data/codec2-0.9.2/misc/genlsp.c:84:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fspc = fopen(argv[1],"rb");
data/codec2-0.9.2/misc/genlsp.c:90:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flsp = fopen(argv[2],"wt");
data/codec2-0.9.2/misc/genlsp.c:170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lsp_prev, lsp, sizeof(lsp));
data/codec2-0.9.2/misc/mksine.c:33:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ( (f = fopen(argv[1],"wb")) == NULL ) {
data/codec2-0.9.2/misc/pre.c:33:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/misc/pre.c:40:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/misc/raw2h.c:25:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fraw = fopen(argv[1] ,"rb");
data/codec2-0.9.2/misc/raw2h.c:27:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fheader = fopen(argv[2],"wt");
data/codec2-0.9.2/misc/raw2h.c:29:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
samples = atoi(argv[4]);
data/codec2-0.9.2/misc/speexnoisesup.c:33:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/misc/speexnoisesup.c:39:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fout = fopen(argv[2],"wb")) == NULL) {
data/codec2-0.9.2/misc/t16_8.c:47:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f16 = fopen("out16.raw", "wb");
data/codec2-0.9.2/misc/t16_8.c:49:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f8 = fopen("out8.raw", "wb");
data/codec2-0.9.2/misc/t16_8_short.c:45:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f16 = fopen("out16_short.raw", "wb");
data/codec2-0.9.2/misc/t16_8_short.c:47:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f8 = fopen("out8.raw", "wb");
data/codec2-0.9.2/misc/t48_8.c:48:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f48 = fopen("out48.raw", "wb");
data/codec2-0.9.2/misc/t48_8.c:50:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f8 = fopen("out8.raw", "wb");
data/codec2-0.9.2/misc/tc2wideband.c:288:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fin = fopen(argv[1], "rb");
data/codec2-0.9.2/misc/tc2wideband.c:349:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fout = fopen("tc2wideband_out.txt", "wt");
data/codec2-0.9.2/misc/tcodec2.c:72:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("../raw/hts1a.raw", "rb");
data/codec2-0.9.2/misc/tcodec2.c:74:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("hts1a_test.raw", "wb");
data/codec2-0.9.2/misc/tcodec2.c:112:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("../raw/hts1a.raw", "rb");
data/codec2-0.9.2/misc/tcodec2.c:114:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("hts1a_test.raw", "wb");
data/codec2-0.9.2/misc/tcodec2.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c2->prev_model, &model, sizeof(MODEL));
data/codec2-0.9.2/misc/tcodec2.c:193:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("../raw/hts1a.raw", "rb");
data/codec2-0.9.2/misc/tcodec2.c:195:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("hts1a_test.raw", "wb");
data/codec2-0.9.2/misc/tcodec2.c:197:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbits = fopen("hts1a_test3.bit", "wb");
data/codec2-0.9.2/misc/tdec.c:47:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1], "rb");
data/codec2-0.9.2/misc/tdec.c:53:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[2], "wb");
data/codec2-0.9.2/misc/tdec.c:56:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dec = atoi(argv[3]);
data/codec2-0.9.2/misc/tinterp.c:59:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file,"wt");
data/codec2-0.9.2/misc/tinterp.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAX_STR];
data/codec2-0.9.2/misc/tinterp.c:73:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s, p-s);
data/codec2-0.9.2/misc/tinterp.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAX_STR];
data/codec2-0.9.2/misc/tinterp.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s, p-s);
data/codec2-0.9.2/misc/tinterp.c:90:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*num = atoi(tmp);
data/codec2-0.9.2/misc/tinterp.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/codec2-0.9.2/misc/tinterp.c:102:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file,"rt");
data/codec2-0.9.2/misc/tlininterp.c:48:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1], "rb");
data/codec2-0.9.2/misc/tlininterp.c:54:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[2], "wb");
data/codec2-0.9.2/misc/tnlp.c:82:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[argc+1]);
data/codec2-0.9.2/misc/tnlp.c:105:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(argv[1],"rb")) == NULL) {
data/codec2-0.9.2/misc/tnlp.c:112:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(argv[2],"wt")) == NULL) {
data/codec2-0.9.2/misc/tprede.c:33:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fprede = fopen("prede.txt", "wt");
data/codec2-0.9.2/misc/tquant.c:89:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fe = fopen("energy_err.txt", "wt");
data/codec2-0.9.2/misc/tquant.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/misc/tquant.c:143:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"lsp%d_err.txt", lsp_number+1);
data/codec2-0.9.2/misc/tquant.c:144:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flsp = fopen(s, "wt");
data/codec2-0.9.2/misc/tquant.c:173:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("quant_pitch.txt","wt");
data/codec2-0.9.2/misc/tquant.c:197:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("quant_pitch_err.txt","wt");
data/codec2-0.9.2/misc/tsrc.c:45:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1], "rb");
data/codec2-0.9.2/misc/tsrc.c:51:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[2], "wb");
data/codec2-0.9.2/misc/vq_train_jvm.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/codec2-0.9.2/misc/vq_train_jvm.c:298:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ndim = atoi(argv[2]);
data/codec2-0.9.2/misc/vq_train_jvm.c:299:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_vectors = atoi(argv[3]);
data/codec2-0.9.2/misc/vq_train_jvm.c:300:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb_entries = atoi(argv[3]);
data/codec2-0.9.2/misc/vq_train_jvm.c:304:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftrain = fopen(argv[1],"rt"); assert(ftrain != NULL);
data/codec2-0.9.2/misc/vq_train_jvm.c:454:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcb = fopen(filename, "wt"); assert(fcb != NULL);
data/codec2-0.9.2/misc/vq_train_jvm.c:465:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcb = fopen(filename, "wt"); assert(fcb != NULL);
data/codec2-0.9.2/misc/vq_train_jvm.c:476:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcb = fopen(filename, "wt"); assert(fcb != NULL);
data/codec2-0.9.2/misc/vqtrain.c:103:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fres = fopen(optarg,"wb"); assert(fres != NULL);
data/codec2-0.9.2/misc/vqtrain.c:130:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftrain = fopen(argv[dx],"rb");
data/codec2-0.9.2/misc/vqtrain.c:138:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atol(argv[dx+1]);
data/codec2-0.9.2/misc/vqtrain.c:139:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m = atol(argv[dx+2]);
data/codec2-0.9.2/misc/vqtrain.c:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cb, cent, k*sizeof(float));
data/codec2-0.9.2/misc/vqtrain.c:224:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cb[i*k], ¢[i*k], k*sizeof(float));
data/codec2-0.9.2/misc/vqtrain.c:232:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fvq = fopen(argv[dx+3],"wt");
data/codec2-0.9.2/src/c2dec.c:97:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[2],"rb")) == NULL ) {
data/codec2-0.9.2/src/c2dec.c:104:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[3],"wb")) == NULL ) {
data/codec2-0.9.2/src/c2dec.c:158:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bit_rate = atoi(argv[1]);
data/codec2-0.9.2/src/c2dec.c:197:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nstart_bit = atoi(optarg);
data/codec2-0.9.2/src/c2dec.c:199:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nend_bit = atoi(optarg);
data/codec2-0.9.2/src/c2dec.c:201:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fber = fopen(optarg,"wt")) == NULL) {
data/codec2-0.9.2/src/c2dec.c:223:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
codec2_load_codebook(codec2, atoi(optarg)-1, argv[optind]);
data/codec2-0.9.2/src/c2dec.c:228:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_ratek = fopen(optarg, "rb");
data/codec2-0.9.2/src/c2demo.c:62:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/c2demo.c:68:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/c2enc.c:88:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[2],"rb")) == NULL ) {
data/codec2-0.9.2/src/c2enc.c:95:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[3],"wb")) == NULL ) {
data/codec2-0.9.2/src/c2enc.c:106:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_hdr.magic,c2_file_magic,sizeof(c2_file_magic));
data/codec2-0.9.2/src/c2enc.c:143:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
codec2_load_codebook(codec2, atoi(argv[i+1])-1, argv[i+2]);
data/codec2-0.9.2/src/c2file.h:11:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char c2_file_magic[3] = {0xc0, 0xde, 0xc2};
data/codec2-0.9.2/src/c2file.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[3];
data/codec2-0.9.2/src/c2sim.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ampexp_arg[MAX_STR];
data/codec2-0.9.2/src/c2sim.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phaseexp_arg[MAX_STR];
data/codec2-0.9.2/src/c2sim.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_file[MAX_STR];
data/codec2-0.9.2/src/c2sim.c:187:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs= atoi(optarg);
data/codec2-0.9.2/src/c2sim.c:193:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
K = atoi(optarg);
data/codec2-0.9.2/src/c2sim.c:195:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
order = atoi(optarg);
data/codec2-0.9.2/src/c2sim.c:207:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
decimate = atoi(optarg);
data/codec2-0.9.2/src/c2sim.c:223:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fvoicing = fopen(optarg,"rt")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:229:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((flspmel = fopen(optarg,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:235:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fWo = fopen(optarg,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:241:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fam = fopen(optarg,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:247:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fhm = fopen(optarg,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:253:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((faw = fopen(optarg,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:259:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fjvm = fopen(optarg,"wt")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:277:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[MAX_STR];
data/codec2-0.9.2/src/c2sim.c:280:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fam = fopen(file_name,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:287:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fhm = fopen(file_name,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:294:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fWo = fopen(file_name,"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:302:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((flspEWov = fopen(optarg,"wb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:311:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ften_ms_centre = fopen(optarg,"wb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:370:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fout = fopen(optarg,"wb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:388:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fin = fopen(argv[optind],"rb")) == NULL) {
data/codec2-0.9.2/src/c2sim.c:753:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lsps_bw, lsps_, sizeof(float)*order);
data/codec2-0.9.2/src/codec2.c:2688:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((codec2_state->fmlfeat = fopen(filename, "wb")) == NULL) {
data/codec2-0.9.2/src/codec2.c:2698:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "rb")) == NULL) {
data/codec2-0.9.2/src/codec2_fft.c:28:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out,in,sizeof(arm_cfft_instance_f32));
data/codec2-0.9.2/src/codec2_fft.c:31:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)out->pBitRevTable,in->pBitRevTable,out->bitRevLength * sizeof(uint16_t));
data/codec2-0.9.2/src/codec2_fft.c:32:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)out->pTwiddle,in->pTwiddle,out->fftLen * sizeof(float32_t));
data/codec2-0.9.2/src/codec2_fft.c:143:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in,inout,cfg->nfft*sizeof(kiss_fft_cpx));
data/codec2-0.9.2/src/codec2_fft.h:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out,in,cfg->instance->fftLen*2*sizeof(float));
data/codec2-0.9.2/src/cohpsk.c:1206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rx_bits, coh->ptest_bits_coh_tx, sizeof(int)*COHPSK_BITS_PER_FRAME);
data/codec2-0.9.2/src/cohpsk_ch.c:112:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_ch.c:119:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_ch.c:129:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[arg+1]);
data/codec2-0.9.2/src/cohpsk_ch.c:134:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
foff_hz = atoi(argv[arg+1]);
data/codec2-0.9.2/src/cohpsk_ch.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256];
data/codec2-0.9.2/src/cohpsk_ch.c:192:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffading = fopen(fname, "rb");
data/codec2-0.9.2/src/cohpsk_ch.c:206:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffading = fopen(fname, "rb");
data/codec2-0.9.2/src/cohpsk_ch.c:213:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffading = fopen(fname, "rb");
data/codec2-0.9.2/src/cohpsk_demod.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits_char[COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/cohpsk_demod.c:96:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (foct = fopen(optarg,"wt")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_demod.c:137:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[dx],"rb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_demod.c:144:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[dx+1],"wb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_get_test_bits.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_bits_char[COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/cohpsk_get_test_bits.c:53:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[1],"wb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_get_test_bits.c:61:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numBits = atoi(argv[2]);
data/codec2-0.9.2/src/cohpsk_get_test_bits.c:66:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx_bits, ptest_bits_coh, sizeof(int)*COHPSK_BITS_PER_FRAME);
data/codec2-0.9.2/src/cohpsk_mod.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_bits_char[2*COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/cohpsk_mod.c:71:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_mod.c:78:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_put_test_bits.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits[COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/cohpsk_put_test_bits.c:62:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/cohpsk_put_test_bits.c:73:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (foct = fopen(argv[2],"wt")) == NULL ) {
data/codec2-0.9.2/src/drs232.c:109:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/drs232.c:116:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/drs232_ldpc.c:148:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/drs232_ldpc.c:155:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/dump.c:38:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/src/dump.c:75:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prefix[MAX_STR];
data/codec2-0.9.2/src/dump.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:151:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsn = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:174:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsw = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:192:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsw_ = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:210:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
few = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:229:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsoftdec = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_STR*10];
data/codec2-0.9.2/src/dump.c:247:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fmodel = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:251:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%12f %12d ", model->Wo, model->L);
data/codec2-0.9.2/src/dump.c:253:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%12f ",model->A[l]);
data/codec2-0.9.2/src/dump.c:258:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%12f ", 0.0);
data/codec2-0.9.2/src/dump.c:263:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d\n",model->voiced);
data/codec2-0.9.2/src/dump.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096];
data/codec2-0.9.2/src/dump.c:277:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fqmodel = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:281:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%12f %12d ", model->Wo, model->L);
data/codec2-0.9.2/src/dump.c:283:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%12f ",model->A[l]);
data/codec2-0.9.2/src/dump.c:288:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%12f ", 0.0);
data/codec2-0.9.2/src/dump.c:293:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d\n",model->voiced);
data/codec2-0.9.2/src/dump.c:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:306:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fphase = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:319:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:325:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fphase_ = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:345:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhephase = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:362:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsnr = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:376:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flpcsnr = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:393:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpwb = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:410:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpw = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:421:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:427:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frw = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:444:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fweights = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:455:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:461:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flsp = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:472:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:478:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flsp_ = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:495:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fmel = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:512:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fmel_indexes = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:523:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:529:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fak = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:546:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fak_ = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:557:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:563:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffw = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:574:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:580:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fe = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:600:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsq = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:620:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdec = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:630:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:636:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbg = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:644:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:650:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fE = fopen(s, "wt");
data/codec2-0.9.2/src/dump.c:660:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_STR];
data/codec2-0.9.2/src/dump.c:666:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frk = fopen(s, "wt");
data/codec2-0.9.2/src/fdmdv.c:586:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdmdv->prev_tx_symbols, tx_symbols, sizeof(COMP)*(fdmdv->Nc+1));
data/codec2-0.9.2/src/fdmdv.c:678:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pilot_lut[M_FAC*(f-4)], pilot, M_FAC*sizeof(COMP));
data/codec2-0.9.2/src/fdmdv.c:1147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_fdm_mem[NRX_FDM_MEM-nin],&rx_fdm[0],nin*sizeof(COMP));
data/codec2-0.9.2/src/fdmdv.c:1665:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdmdv->prev_rx_symbols, rx_symbols, sizeof(COMP)*(fdmdv->Nc+1));
data/codec2-0.9.2/src/fdmdv_channel.c:55:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_channel.c:62:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_demod.c:92:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_demod.c:99:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_demod.c:106:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nc = atoi(argv[3]);
data/codec2-0.9.2/src/fdmdv_demod.c:159:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_fdm_log[rx_fdm_log_col_index], rx_fdm, sizeof(COMP)*nin_prev);
data/codec2-0.9.2/src/fdmdv_demod.c:168:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_bits_log[bits_per_fdmdv_frame*f], rx_bits, sizeof(int)*bits_per_fdmdv_frame);
data/codec2-0.9.2/src/fdmdv_demod.c:186:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec_bits, rx_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/src/fdmdv_demod.c:190:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&codec_bits[bits_per_fdmdv_frame], rx_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/src/fdmdv_demod.c:221:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((foct = fopen(argv[4],"wt")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_get_test_bits.c:58:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[1],"wb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_get_test_bits.c:64:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numBits = atoi(argv[2]);
data/codec2-0.9.2/src/fdmdv_get_test_bits.c:67:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nc = atoi(argv[3]);
data/codec2-0.9.2/src/fdmdv_mod.c:68:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_mod.c:75:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_mod.c:82:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nc = atoi(argv[3]);
data/codec2-0.9.2/src/fdmdv_put_test_bits.c:61:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/fdmdv_put_test_bits.c:68:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nc = atoi(argv[2]);
data/codec2-0.9.2/src/filter.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->cBuf, cSamples, count * sizeof(complex float));
data/codec2-0.9.2/src/filter.c:180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->cBuf, cSamples, count * sizeof(complex float));
data/codec2-0.9.2/src/fm_demod.c:62:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/fm_demod.c:69:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/fmfsk.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&oldsamps[nold], &fmfsk_in[0] , sizeof(float)*nin );
data/codec2-0.9.2/src/fmfsk_demod.c:57:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[1]);
data/codec2-0.9.2/src/fmfsk_demod.c:58:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rb = atoi(argv[2]);
data/codec2-0.9.2/src/fmfsk_demod.c:64:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[3],"r");
data/codec2-0.9.2/src/fmfsk_demod.c:70:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[4],"w");
data/codec2-0.9.2/src/fmfsk_mod.c:51:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[1]);
data/codec2-0.9.2/src/fmfsk_mod.c:52:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rb = atoi(argv[2]);
data/codec2-0.9.2/src/fmfsk_mod.c:57:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[3],"r");
data/codec2-0.9.2/src/fmfsk_mod.c:63:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[4],"w");
data/codec2-0.9.2/src/freedv_api.c:779:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:849:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:988:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:1101:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:1192:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:1247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx_bits, f->packed_codec_bits, bits_per_interleaved_frame);
data/codec2-0.9.2/src/freedv_api.c:1259:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/freedv_api.c:1433:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->packed_codec_bits, packed_codec_bits, bytes_per_codec_frame * codec_frames);
data/codec2-0.9.2/src/freedv_api.c:1453:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->packed_codec_bits_tx + (f->modem_frame_count_tx*codec_frames+j)*bytes_per_codec_frame, packed_codec_bits, bytes_per_codec_frame);
data/codec2-0.9.2/src/freedv_api.c:1709:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->rx_bits, f->fdmdv_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/src/freedv_api.c:1714:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f->rx_bits[bits_per_fdmdv_frame], f->fdmdv_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/src/freedv_api.c:1961:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits_char[COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/freedv_api.c:1978:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits_char[COHPSK_BITS_PER_FRAME];
data/codec2-0.9.2/src/freedv_api.c:2381:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->packed_codec_bits+j*data_bits_per_frame, out_char, data_bits_per_frame);
data/codec2-0.9.2/src/freedv_api.c:2651:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packed_codec_bits, f->packed_codec_bits + (i + frames*f->modem_frame_count_rx)* bytes_per_codec_frame, bytes_per_codec_frame);
data/codec2-0.9.2/src/freedv_api.c:2663:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packed_codec_bits, f->packed_codec_bits, bytes_per_codec_frame * codec_frames);
data/codec2-0.9.2/src/freedv_data_channel.c:36:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char fdc_header_bcast[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
data/codec2-0.9.2/src/freedv_data_channel.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->rx_header, fdc->tx_header, 8);
data/codec2-0.9.2/src/freedv_data_channel.c:158:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + fdc->packet_rx_cnt, fdc->rx_header, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:164:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + fdc->packet_rx_cnt, data, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:172:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + fdc->packet_rx_cnt, fdc_header_bcast, sizeof(fdc_header_bcast));
data/codec2-0.9.2/src/freedv_data_channel.c:179:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + 6, data, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx, fdc_header_bcast, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + fdc->packet_rx_cnt, data, copy_bits);
data/codec2-0.9.2/src/freedv_data_channel.c:208:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->rx_header, fdc->packet_rx, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:213:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[6];
data/codec2-0.9.2/src/freedv_data_channel.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, fdc->packet_rx, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:215:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx, fdc->packet_rx + 6, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_rx + 6, tmp, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:243:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_tx, fdc->tx_header, size);
data/codec2-0.9.2/src/freedv_data_channel.c:247:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fdc->tx_header, size);
data/codec2-0.9.2/src/freedv_data_channel.c:256:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[6];
data/codec2-0.9.2/src/freedv_data_channel.c:261:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, fdc->packet_tx, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:262:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_tx, fdc->packet_tx + 6, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:263:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_tx + 6, tmp, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:276:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->packet_tx + 6, fdc->packet_tx, 6);
data/codec2-0.9.2/src/freedv_data_channel.c:294:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fdc->packet_tx + fdc->packet_tx_cnt, copy);
data/codec2-0.9.2/src/freedv_data_channel.c:303:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdc->tx_header, header, 6);
data/codec2-0.9.2/src/freedv_data_channel.h:47:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rx_header[8];
data/codec2-0.9.2/src/freedv_data_channel.h:48:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet_rx[FREEDV_DATA_CHANNEL_PACKET_MAX + 2];
data/codec2-0.9.2/src/freedv_data_channel.h:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_header[8];
data/codec2-0.9.2/src/freedv_data_channel.h:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet_tx[FREEDV_DATA_CHANNEL_PACKET_MAX + 2];
data/codec2-0.9.2/src/freedv_rx.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f2020[80] = {0};
data/codec2-0.9.2/src/freedv_rx.c:106:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f2020,"|2020");
data/codec2-0.9.2/src/freedv_rx.c:138:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[2],"rb")) == NULL ) {
data/codec2-0.9.2/src/freedv_rx.c:145:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[3],"wb")) == NULL ) {
data/codec2-0.9.2/src/freedv_rx.c:177:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interleave_frames = atoi(argv[i+1]);
data/codec2-0.9.2/src/freedv_rx.c:218:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftxt = fopen("freedv_rx_log.txt","wt");
data/codec2-0.9.2/src/freedv_rx.c:257:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encoded[bytes_per_codec_frame * codec_frames];
data/codec2-0.9.2/src/freedv_tx.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_str[80];
data/codec2-0.9.2/src/freedv_tx.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f2020[80] = {0};
data/codec2-0.9.2/src/freedv_tx.c:106:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f2020,"|2020");
data/codec2-0.9.2/src/freedv_tx.c:142:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[2],"rb")) == NULL ) {
data/codec2-0.9.2/src/freedv_tx.c:148:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[3],"wb")) == NULL ) {
data/codec2-0.9.2/src/freedv_tx.c:181:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interleave_frames = atoi(argv[i+1]);
data/codec2-0.9.2/src/freedv_tx.c:184:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
use_clip = atoi(argv[i+1]);
data/codec2-0.9.2/src/freedv_tx.c:187:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
use_txbpf = atoi(argv[i+1]);
data/codec2-0.9.2/src/freedv_tx.c:209:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[6] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc };
data/codec2-0.9.2/src/freedv_tx.c:231:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(my_cb_state.tx_str, "cq cq cq hello world\r");
data/codec2-0.9.2/src/freedv_tx.c:253:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encoded[bytes_per_codec_frame * codec_frames];
data/codec2-0.9.2/src/fsk.c:510:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stats->f_est, fsk->stats->f_est, fsk->mode*sizeof(float));
data/codec2-0.9.2/src/fsk.c:713:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mp_name_tmp[20]; /* Temporary string for modem probe trace names */
data/codec2-0.9.2/src/fsk.c:851:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&(fsk->samp_old[0]),(void*)&(fsk_in[nin-nstash]),sizeof(COMP)*nstash);
data/codec2-0.9.2/src/fsk_demod.c:126:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_rate = atoi(optarg);
data/codec2-0.9.2/src/fsk_demod.c:136:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
P = atoi(optarg);
data/codec2-0.9.2/src/fsk_demod.c:140:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fsk_lower = atoi(optarg);
data/codec2-0.9.2/src/fsk_demod.c:145:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fsk_upper = atoi(optarg);
data/codec2-0.9.2/src/fsk_demod.c:182:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
M = atoi(argv[dx]);
data/codec2-0.9.2/src/fsk_demod.c:183:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[dx + 1]);
data/codec2-0.9.2/src/fsk_demod.c:184:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rs = atoi(argv[dx + 2]);
data/codec2-0.9.2/src/fsk_demod.c:199:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[dx + 3],"r");
data/codec2-0.9.2/src/fsk_demod.c:205:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[dx + 4],"w");
data/codec2-0.9.2/src/fsk_get_test_bits.c:50:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitcnt = atoi(argv[2]);
data/codec2-0.9.2/src/fsk_get_test_bits.c:60:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[1],"w");
data/codec2-0.9.2/src/fsk_mod.c:52:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
M = atoi(argv[1]);
data/codec2-0.9.2/src/fsk_mod.c:53:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[2]);
data/codec2-0.9.2/src/fsk_mod.c:54:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rs = atoi(argv[3]);
data/codec2-0.9.2/src/fsk_mod.c:55:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f1 = atoi(argv[4]);
data/codec2-0.9.2/src/fsk_mod.c:56:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fs = atoi(argv[5]);
data/codec2-0.9.2/src/fsk_mod.c:61:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[6],"r");
data/codec2-0.9.2/src/fsk_mod.c:67:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[7],"w");
data/codec2-0.9.2/src/fsk_mod_ext_vco.c:57:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1],"r");
data/codec2-0.9.2/src/fsk_mod_ext_vco.c:63:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[2],"w");
data/codec2-0.9.2/src/fsk_mod_ext_vco.c:66:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m = atoi(argv[3]); log2m = log2(m);
data/codec2-0.9.2/src/fsk_mod_ext_vco.c:71:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
os = atoi(argv[5]);
data/codec2-0.9.2/src/fsk_put_test_bits.c:50:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[1],"r");
data/codec2-0.9.2/src/generate_codebook.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/codec2-0.9.2/src/generate_codebook.c:156:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in = fopen(argv[i + 2], "r");
data/codec2-0.9.2/src/golay23.c:206:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *enc = fopen("golayenctable.h", "w");
data/codec2-0.9.2/src/golay23.c:207:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *dec = fopen("golaydectable.h", "w");
data/codec2-0.9.2/src/horus_api.c:331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3];
data/codec2-0.9.2/src/horus_api.c:333:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex, "%02X", payload_bytes[b]);
data/codec2-0.9.2/src/horus_api.c:405:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("packetbits.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/src/horus_demod.c:89:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_rate = atoi(optarg);
data/codec2-0.9.2/src/horus_demod.c:139:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[dx],"rb");
data/codec2-0.9.2/src/horus_demod.c:145:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[dx + 1],"w");
data/codec2-0.9.2/src/horus_demod.c:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_out[max_ascii_out];
data/codec2-0.9.2/src/horus_l2.c:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pout, uw, sizeof(uw)); pout += sizeof(uw);
data/codec2-0.9.2/src/horus_l2.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pout, input_payload_data, num_payload_data_bytes); pout += num_payload_data_bytes;
data/codec2-0.9.2/src/horus_l2.c:486:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[nbytes];
data/codec2-0.9.2/src/horus_l2.c:533:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inout, out, nbytes);
data/codec2-0.9.2/src/horus_l2.c:547:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inout[nbytes];
data/codec2-0.9.2/src/horus_l2.c:548:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inter[nbytes];
data/codec2-0.9.2/src/horus_l2.c:549:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char incopy[nbytes];
data/codec2-0.9.2/src/horus_l2.c:558:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inter, inout, nbytes); /* snap shot of interleaved bytes */
data/codec2-0.9.2/src/horus_l2.c:631:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input_payload[nbytes];
data/codec2-0.9.2/src/horus_l2.c:633:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[num_tx_data_bytes];
data/codec2-0.9.2/src/horus_l2.c:634:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_payload[sizeof(input_payload)];
data/codec2-0.9.2/src/horus_l2.c:783:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx[num_tx_data_bytes];
data/codec2-0.9.2/src/horus_l2.c:793:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("../octave/horus_tx_bits_binary.txt","wt");
data/codec2-0.9.2/src/horus_l2.c:815:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_payload[nbytes];
data/codec2-0.9.2/src/horus_l2.c:819:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rx[45] = {
data/codec2-0.9.2/src/horus_l2.c:830:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("../octave/horus_rx_bits_binary.bin","rb");
data/codec2-0.9.2/src/horus_l2.c:848:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&h, output_payload, nbytes);
data/codec2-0.9.2/src/horus_l2.c:851:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crc_str[80];
data/codec2-0.9.2/src/horus_l2.c:854:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(crc_str, "CRC OK");
data/codec2-0.9.2/src/horus_l2.c:856:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(crc_str, "CRC BAD");
data/codec2-0.9.2/src/horus_l2.c:868:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fh = fopen("../octave/horus_rx_bits_hex.txt","wt");
data/codec2-0.9.2/src/insert_errors.c:51:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/insert_errors.c:58:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/insert_errors.c:64:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ferror = fopen(argv[3],"rb")) == NULL ) {
data/codec2-0.9.2/src/interldpc.c:127:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[ldpc->NumberParityBits];
data/codec2-0.9.2/src/interldpc.c:134:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_bits_char_padded[ldpc->ldpc_data_bits_per_frame];
data/codec2-0.9.2/src/interldpc.c:136:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx_bits_char_padded, tx_bits_char, ldpc->data_bits_per_frame);
data/codec2-0.9.2/src/kiss_fft.c:378:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fout,tmpbuf,sizeof(kiss_fft_cpx)*st->nfft);
data/codec2-0.9.2/src/ldpc_dec.c:170:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[data_bits_per_frame];
data/codec2-0.9.2/src/ldpc_dec.c:171:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[NumberParityBits];
data/codec2-0.9.2/src/ldpc_dec.c:218:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_dec.c:225:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_dec.c:245:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unused_data_bits = atoi(argv[arg+1]);
data/codec2-0.9.2/src/ldpc_dec.c:306:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input_float, llr_tmp, sizeof(float)*CodeLength);
data/codec2-0.9.2/src/ldpc_dec_test.c:142:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ldpc.max_iter = atoi(argv[i+1]);
data/codec2-0.9.2/src/ldpc_dec_test.c:149:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[data_bits_per_frame];
data/codec2-0.9.2/src/ldpc_dec_test.c:150:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[NumberParityBits];
data/codec2-0.9.2/src/ldpc_dec_test.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[CodeLength];
data/codec2-0.9.2/src/ldpc_dec_test.c:197:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_dec_test.c:204:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_enc.c:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[NUMBERROWSHCOLS];
data/codec2-0.9.2/src/ldpc_enc.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[NUMBERPARITYBITS];
data/codec2-0.9.2/src/ldpc_enc.c:113:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_enc.c:120:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_enc.c:133:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unused_data_bits = atoi(argv[arg+1]);
data/codec2-0.9.2/src/ldpc_enc.c:140:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nframes = atoi(argv[arg+1]);
data/codec2-0.9.2/src/ldpc_enc_test.c:38:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[NUMBERROWSHCOLS];
data/codec2-0.9.2/src/ldpc_enc_test.c:39:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[NUMBERPARITYBITS];
data/codec2-0.9.2/src/ldpc_enc_test.c:96:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_enc_test.c:103:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_enc_test.c:118:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nframes = atoi(argv[arg+1]);
data/codec2-0.9.2/src/ldpc_noise.c:43:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ldpc_noise.c:50:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[2],"wb")) == NULL ) {
data/codec2-0.9.2/src/modem_probe.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/codec2-0.9.2/src/modem_probe.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf+i,cur->data,cur->len);
data/codec2-0.9.2/src/modem_probe.c:105:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * dumpfile = fopen(run,"w");
data/codec2-0.9.2/src/modem_probe.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndat->data,(void*)&(samp[0]),sizeof(int32_t)*cnt);
data/codec2-0.9.2/src/modem_probe.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndat->data,(void*)&(samp[0]),sizeof(float)*cnt);
data/codec2-0.9.2/src/modem_probe.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndat->data,(void*)&(samp[0]),sizeof(COMP)*cnt);
data/codec2-0.9.2/src/octave.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[OCTAVE_BUFSIZE];
data/codec2-0.9.2/src/octave.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[OCTAVE_BUFSIZE];
data/codec2-0.9.2/src/octave.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[OCTAVE_BUFSIZE];
data/codec2-0.9.2/src/ofdm_demod.c:205:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interleave_frames = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:210:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ldpc_en = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:226:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:241:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ns = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:244:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
phase_est_bandwidth_mode = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:247:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data_bits_per_frame = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:253:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:258:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start_secs = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:261:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len_secs = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:264:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip_secs = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_demod.c:284:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(fin_name, "rb")) == NULL) {
data/codec2-0.9.2/src/ofdm_demod.c:291:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(fout_name, "wb")) == NULL) {
data/codec2-0.9.2/src/ofdm_demod.c:298:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((foct = fopen(log_name, "wt")) == NULL) {
data/codec2-0.9.2/src/ofdm_gen_test_bits.c:114:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frames = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_gen_test_bits.c:132:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(fout_name, "wb")) == NULL) {
data/codec2-0.9.2/src/ofdm_gen_test_bits.c:212:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/ofdm_get_test_bits.c:58:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[1],"wb")) == NULL ) {
data/codec2-0.9.2/src/ofdm_get_test_bits.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_bits_char[ofdm_bitsperframe];
data/codec2-0.9.2/src/ofdm_get_test_bits.c:89:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nframes = atoi(argv[3]);
data/codec2-0.9.2/src/ofdm_get_test_bits.c:91:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int Nsec = atoi(argv[2]);
data/codec2-0.9.2/src/ofdm_mod.c:166:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:181:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ns = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:185:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nsec = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:188:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interleave_frames = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:197:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ldpc_en = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:211:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data_bits_per_frame = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:217:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = atoi(options.optarg);
data/codec2-0.9.2/src/ofdm_mod.c:231:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(fin_name, "rb")) == NULL) {
data/codec2-0.9.2/src/ofdm_mod.c:238:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(fout_name, "wb")) == NULL) {
data/codec2-0.9.2/src/ofdm_mod.c:386:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/codec2-0.9.2/src/ofdm_put_test_bits.c:71:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[1],"rb")) == NULL ) {
data/codec2-0.9.2/src/ofdm_put_test_bits.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits[Nbitsperframe];
data/codec2-0.9.2/src/optparse.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[64];
data/codec2-0.9.2/src/optparse.h:226:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = {0, 0};
data/codec2-0.9.2/src/optparse.h:248:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = {0, 0};
data/codec2-0.9.2/src/optparse.h:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optstring[96 * 3 + 1]; /* 96 ASCII printable characters */
data/codec2-0.9.2/src/resample.c:108:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fin = fopen(argv[3],"rb")) == NULL ) {
data/codec2-0.9.2/src/resample.c:115:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (fout = fopen(argv[4],"wb")) == NULL ) {
data/codec2-0.9.2/src/resample.c:137:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(input_short, &input_short[nin], left_over);
data/codec2-0.9.2/src/tdma.c:266:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mod_bits[0],&frame_bits[0],frame_size_bits*sizeof(u8));
data/codec2-0.9.2/src/tdma.c:271:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mod_bits[uw_offset],uw,mode.uw_len*sizeof(u8));
data/codec2-0.9.2/src/tdma.c:326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame_bits[0],&demod_bits[f_start],frame_size_bits*sizeof(u8));
data/codec2-0.9.2/src/tdma.c:411:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame_samps[0],&sample_buffer[tdma->sample_sync_offset+rdemod_offset],slot_samps*sizeof(COMP));
data/codec2-0.9.2/src/tdma.c:683:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sample_buffer[n_slots*slot_samps],&samps[0],move_samps);
data/codec2-0.9.2/src/varicode.c:429:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ascii_in, "CQ CQ CQ this is VK5DGR");
data/codec2-0.9.2/src/varicode.c:454:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ascii_in, "s=vk5dgr qth=adelaide");
data/codec2-0.9.2/src/varicode_table.h:34:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char const varicode_table1[256] = {
data/codec2-0.9.2/src/vhf_deframe_c2.c:64:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[2],"r");
data/codec2-0.9.2/src/vhf_deframe_c2.c:70:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[3],"w");
data/codec2-0.9.2/src/vhf_frame_c2.c:62:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[2],"r");
data/codec2-0.9.2/src/vhf_frame_c2.c:68:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[3],"w");
data/codec2-0.9.2/stm32/inc/gdb_stdio.h:42:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/adc_rec.c:58:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fadc = fopen("adc.raw", "wb");
data/codec2-0.9.2/stm32/src/adc_sfdr_ut.c:57:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fadc = fopen("adc.raw", "wb");
data/codec2-0.9.2/stm32/src/codec2_profile.c:43:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/codec2_profile.c:66:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(inputfile, "rb");
data/codec2-0.9.2/stm32/src/codec2_profile.c:72:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(outputfile, "wb");
data/codec2-0.9.2/stm32/src/codec2_profile.c:126:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(inputfile, "rb");
data/codec2-0.9.2/stm32/src/dac_play.c:42:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fplay = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/src/fdmdv_dump_rt.c:55:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/fdmdv_dump_rt.c:133:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *ft = fopen("scatter.txt", "wt");
data/codec2-0.9.2/stm32/src/fdmdv_profile.c:44:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/fdmdv_profile.c:127:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec_bits, rx_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/stm32/src/fdmdv_profile.c:129:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&codec_bits[bits_per_fdmdv_frame], rx_bits, bits_per_fdmdv_frame*sizeof(int));
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:45:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:79:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("mod_16k.raw", "rb");
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:85:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("speechout_16k.raw", "wb");
data/codec2-0.9.2/stm32/src/freedv_rx_profile.c:91:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftotal = fopen("total.txt", "wt");
data/codec2-0.9.2/stm32/src/freedv_tx_profile.c:41:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/freedv_tx_profile.c:61:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/src/freedv_tx_profile.c:67:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("mod.raw", "wb");
data/codec2-0.9.2/stm32/src/gdb_stdio.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_STR];
data/codec2-0.9.2/stm32/src/gdb_stdio.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_STR];
data/codec2-0.9.2/stm32/src/iir_duc.c:338:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("iir_duc_s.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/stm32/src/iir_duc.c:344:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("iir_duc.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/stm32/src/iir_tuner.c:181:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("iir_tuner_s.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/stm32/src/iir_tuner.c:187:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("iir_tuner.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/stm32/src/iir_tuner.c:207:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("iir_tuner2.txt", "wt"); assert(f != NULL);
data/codec2-0.9.2/stm32/src/power_ut.c:46:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen gdb_stdio_fopen
data/codec2-0.9.2/stm32/src/power_ut.c:76:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(inputfile, "rb");
data/codec2-0.9.2/stm32/src/sm1000_main.c:1101:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char period[6];
data/codec2-0.9.2/stm32/src/sm1000_main.c:1167:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char period[6];
data/codec2-0.9.2/stm32/src/sm1000_main.c:1248:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char freq[6];
data/codec2-0.9.2/stm32/src/sm1000_main.c:1313:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wpm[5];
data/codec2-0.9.2/stm32/src/sm1000_main.c:1376:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vol[5];
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUF_SZ];
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/codec2-0.9.2/stm32/src/stm32f4_usart.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_FMT_SIZE];
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:424:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_block.data, in, size);
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:501:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, block->data, offset);
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:502:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[offset], in, block_sz - offset);
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:505:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, in, size);
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:506:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[size], &(block->data[size]),
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:539:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[block_offset], in,
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:618:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_ptr, &(block->data[block_offset]), block_sz);
data/codec2-0.9.2/stm32/src/stm32f4_vrom.c:631:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_ptr, block->data, block_sz);
data/codec2-0.9.2/stm32/src/tuner_ut.c:54:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftuner = fopen("tuner.raw", "wb");
data/codec2-0.9.2/stm32/stlink/elfsym.c:32:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open(file, O_RDWR)) == ERR) {
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[SPARE_RAM];
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:124:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_cfg = open("stm_cfg.txt", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:172:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_in = open("stm_in.raw", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:178:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out = open("stm_out.raw", (O_CREAT | O_WRONLY), 0644);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_str[80];
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:138:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_cfg = open("stm_cfg.txt", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:222:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(my_cb_state.tx_str, "cq cq cq hello world\r");
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:235:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_in = open("stm_in.raw", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:241:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out = open("stm_out.raw", (O_CREAT | O_WRONLY), 0644);
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod_700d_profile.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_str[80];
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod_700d_profile.c:132:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(my_cb_state.tx_str, "cq cq cq hello world\r");
data/codec2-0.9.2/stm32/unittest/src/tst_api_tx.c:64:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_api_tx.c:70:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("mod.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fin_buffer[1024];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:75:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fout_buffer[4*8192];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:95:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_cfg = open("stm_cfg.txt", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:126:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:133:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fout = fopen("stm_out.raw", "wb" );
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:72:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fin_buffer[8*8192];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fout_buffer[1024];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:96:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_cfg = open("stm_cfg.txt", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:130:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:137:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = fopen("stm_out.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fin_buffer[1024];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:55:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fout_buffer[8*8192];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:91:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[data_bits_per_frame];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:92:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[NumberParityBits];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:116:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_dec.c:124:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("stm_out.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:42:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fin_buffer[8*8192];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fout_buffer[1024];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[HRA_112_112_NUMBERROWSHCOLS];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:58:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[HRA_112_112_NUMBERPARITYBITS];
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:79:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_ldpc_enc.c:86:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = fopen("stm_out.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fout_buffer[4*4096];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:95:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fdiag_buffer[4*8192];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:96:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static __attribute__ ((section (".ccm"))) char fin_buffer[4096*8];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:136:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcfg = fopen("stm_cfg.txt", "r");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rx_bits_char[ofdm_bitsperframe];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:229:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:237:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("stm_out.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_demod.c:244:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdiag = fopen("stm_diag.raw", "wb");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[8];
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c:105:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcfg = fopen("stm_cfg.txt", "r");
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c:184:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int sin = open("stm_in.raw", O_RDONLY);
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c:190:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int sout = open("mod.raw", O_WRONLY|O_TRUNC|O_CREAT, 0666);
data/codec2-0.9.2/stm32/unittest/src/tst_semihost.c:27:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fin = fopen("stm_in.raw", "rb");
data/codec2-0.9.2/stm32/unittest/src/tst_semihost.c:33:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fout = fopen("stm_out.raw", "wb");
data/codec2-0.9.2/unittest/compare_floats.c:41:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f1 = fopen(fname1, "rb");
data/codec2-0.9.2/unittest/compare_floats.c:48:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen(fname2, "rb");
data/codec2-0.9.2/unittest/compare_ints.c:73:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bytes = atoi(optarg);
data/codec2-0.9.2/unittest/compare_ints.c:82:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numerrorstoexit = atoi(optarg);
data/codec2-0.9.2/unittest/compare_ints.c:100:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f1 = fopen(fname1, "rb");
data/codec2-0.9.2/unittest/compare_ints.c:107:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen(fname2, "rb");
data/codec2-0.9.2/unittest/function_trace.c:9:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_trace = fopen("function_trace.out", "w");
data/codec2-0.9.2/unittest/ofdm_stack.c:80:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frames = atoi(optarg);
data/codec2-0.9.2/unittest/tcohpsk.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_bits_log[COHPSK_BITS_PER_FRAME*f], tx_bits, sizeof(int)*COHPSK_BITS_PER_FRAME);
data/codec2-0.9.2/unittest/tcohpsk.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_fdm_frame_log[COHPSK_M*NSYMROWPILOT*f], tx_fdm_frame, sizeof(COMP)*COHPSK_M*NSYMROWPILOT);
data/codec2-0.9.2/unittest/tcohpsk.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ch_fdm_frame_log[COHPSK_M*NSYMROWPILOT*f], ch_fdm_frame, sizeof(COMP)*COHPSK_M*NSYMROWPILOT);
data/codec2-0.9.2/unittest/tcohpsk.c:237:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_bits_log[COHPSK_BITS_PER_FRAME*log_bits], rx_bits, sizeof(int)*COHPSK_BITS_PER_FRAME);
data/codec2-0.9.2/unittest/tcohpsk.c:258:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("tcohpsk_out.txt","wt");
data/codec2-0.9.2/unittest/tcontphase.c:111:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(argv[1],"wb")) == NULL) {
data/codec2-0.9.2/unittest/tfdmdv.c:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdmdv->prev_tx_symbols, tx_symbols, sizeof(COMP)*(FDMDV_NC+1));
data/codec2-0.9.2/unittest/tfdmdv.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdmdv->prev_rx_symbols, rx_symbols, sizeof(COMP)*(FDMDV_NC+1));
data/codec2-0.9.2/unittest/tfdmdv.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_bits_log[FDMDV_BITS_PER_FRAME*f], tx_bits, sizeof(int)*FDMDV_BITS_PER_FRAME);
data/codec2-0.9.2/unittest/tfdmdv.c:197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_symbols_log[(FDMDV_NC+1)*f], tx_symbols, sizeof(COMP)*(FDMDV_NC+1));
data/codec2-0.9.2/unittest/tfdmdv.c:198:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_fdm_log[M_FAC*f], tx_fdm, sizeof(COMP)*M_FAC);
data/codec2-0.9.2/unittest/tfdmdv.c:200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pilot_baseband1_log[f*NPILOTBASEBAND], fdmdv->pilot_baseband1, sizeof(COMP)*NPILOTBASEBAND);
data/codec2-0.9.2/unittest/tfdmdv.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pilot_baseband2_log[f*NPILOTBASEBAND], fdmdv->pilot_baseband2, sizeof(COMP)*NPILOTBASEBAND);
data/codec2-0.9.2/unittest/tfdmdv.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pilot_lpf1_log[f*NPILOTLPF], fdmdv->pilot_lpf1, sizeof(COMP)*NPILOTLPF);
data/codec2-0.9.2/unittest/tfdmdv.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pilot_lpf2_log[f*NPILOTLPF], fdmdv->pilot_lpf2, sizeof(COMP)*NPILOTLPF);
data/codec2-0.9.2/unittest/tfdmdv.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&S1_log[f*MPILOTFFT], fdmdv->S1, sizeof(COMP)*MPILOTFFT);
data/codec2-0.9.2/unittest/tfdmdv.c:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&S2_log[f*MPILOTFFT], fdmdv->S2, sizeof(COMP)*MPILOTFFT);
data/codec2-0.9.2/unittest/tfdmdv.c:223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&env_log[NT*P*f], env, sizeof(float)*NT*P);
data/codec2-0.9.2/unittest/tfdmdv.c:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_bits_log[FDMDV_BITS_PER_FRAME*f], rx_bits, sizeof(int)*FDMDV_BITS_PER_FRAME);
data/codec2-0.9.2/unittest/tfdmdv.c:251:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("tfdmdv_out.txt","wt");
data/codec2-0.9.2/unittest/tfmfsk.c:92:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[2]);
data/codec2-0.9.2/unittest/tfmfsk.c:93:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rs = atoi(argv[3]);
data/codec2-0.9.2/unittest/tfmfsk.c:96:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[4],"r");
data/codec2-0.9.2/unittest/tfmfsk.c:97:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[5],"w");
data/codec2-0.9.2/unittest/tfreedv_data_channel.c:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet, testvec[vector].data, testvec[vector].data_size);
data/codec2-0.9.2/unittest/tfreedv_data_channel.c:220:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame[frame_size];
data/codec2-0.9.2/unittest/tfsk.c:104:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
M = atoi(argv[2]);
data/codec2-0.9.2/unittest/tfsk.c:105:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f1 = atoi(argv[3]);
data/codec2-0.9.2/unittest/tfsk.c:106:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fs = atoi(argv[4]);
data/codec2-0.9.2/unittest/tfsk.c:107:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[5]);
data/codec2-0.9.2/unittest/tfsk.c:108:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Rs = atoi(argv[6]);
data/codec2-0.9.2/unittest/tfsk.c:111:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(argv[7],"r");
data/codec2-0.9.2/unittest/tfsk.c:112:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(argv[8],"w");
data/codec2-0.9.2/unittest/tnewamp1.c:115:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fin = fopen(argv[1], "rb");
data/codec2-0.9.2/unittest/tnewamp1.c:281:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fout = fopen("tnewamp1_out.txt","wt");
data/codec2-0.9.2/unittest/tnlp.c:82:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Fs = atoi(argv[argc+1]);
data/codec2-0.9.2/unittest/tnlp.c:105:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(argv[1],"rb")) == NULL) {
data/codec2-0.9.2/unittest/tnlp.c:112:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(argv[2],"wt")) == NULL) {
data/codec2-0.9.2/unittest/tofdm.c:172:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_Nc = atoi(optarg);
data/codec2-0.9.2/unittest/tofdm.c:200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ofdm_config_default, ofdm_get_config_param(), sizeof(struct OFDM_CONFIG));
data/codec2-0.9.2/unittest/tofdm.c:301:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibits[HRA_112_112_NUMBERROWSHCOLS];
data/codec2-0.9.2/unittest/tofdm.c:302:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbits[HRA_112_112_NUMBERPARITYBITS];
data/codec2-0.9.2/unittest/tofdm.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_bits_log[ofdm_bitsperframe*f], tx_bits, sizeof(int)*ofdm_bitsperframe);
data/codec2-0.9.2/unittest/tofdm.c:339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx_log[ofdm_samplesperframe*f], tx, sizeof(COMP)*ofdm_samplesperframe);
data/codec2-0.9.2/unittest/tofdm.c:383:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fin=fopen("~/codec2-dev/octave/ofdm_test.raw", "rb");
data/codec2-0.9.2/unittest/tofdm.c:496:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rxbuf_in_log[nin_tot], rxbuf_in, sizeof(COMP)*nin);
data/codec2-0.9.2/unittest/tofdm.c:537:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rx_bits_log[ofdm_bitsperframe*f], rx_bits, sizeof(rx_bits));
data/codec2-0.9.2/unittest/tofdm.c:555:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("tofdm_out.txt","wt");
data/codec2-0.9.2/unittest/tprede.c:33:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fprede = fopen("prede.txt", "wt");
data/codec2-0.9.2/lpcnet/src/kiss_fft.h:47:33: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
#define KISS_FFT_MALLOC(nbytes) memalign(16,nbytes)
data/codec2-0.9.2/misc/dvdongle2.c:172:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, data, len);
data/codec2-0.9.2/misc/dvdongle2.c:332:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &data, 1);
data/codec2-0.9.2/src/dump.c:255:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(line) < MAX_STR*10);
data/codec2-0.9.2/src/dump.c:260:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(line) < MAX_STR*10);
data/codec2-0.9.2/src/dump.c:285:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(line) < 4096);
data/codec2-0.9.2/src/dump.c:290:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(line) < 4096);
data/codec2-0.9.2/src/horus_api.c:256:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hstates->total_payload_bits = strlen(ascii_out)*7;
data/codec2-0.9.2/src/modem_probe.c:64:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod = malloc((strlen(modname)+1)*sizeof(char));
data/codec2-0.9.2/src/modem_probe.c:65:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
run = malloc((strlen(runname)+1)*sizeof(char));
data/codec2-0.9.2/src/ofdm_demod.c:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pn = argv[0] + strlen(argv[0]);
data/codec2-0.9.2/src/ofdm_gen_test_bits.c:76:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pn = argv[0] + strlen (argv[0]);
data/codec2-0.9.2/src/ofdm_mod.c:83:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pn = argv[0] + strlen(argv[0]);
data/codec2-0.9.2/src/varicode.c:431:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(ascii_in) < length);
data/codec2-0.9.2/src/varicode.c:433:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(ascii_in); i++)
data/codec2-0.9.2/src/varicode.c:437:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_varicode_bits_out = varicode_encode(varicode, ascii_in, VARICODE_MAX_BITS*length, strlen(ascii_in), code_num);
data/codec2-0.9.2/src/varicode.c:455:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ascii_in);
data/codec2-0.9.2/src/varicode.c:459:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(ascii_in) < length);
data/codec2-0.9.2/src/varicode.c:461:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(ascii_in); i++)
data/codec2-0.9.2/src/varicode.c:465:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_varicode_bits_out = varicode_encode(varicode, ascii_in, VARICODE_MAX_BITS*length, strlen(ascii_in), code_num);
data/codec2-0.9.2/stm32/src/gdb_stdio.c:66:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_stdio_strlen1 = strlen(str);
data/codec2-0.9.2/stm32/src/gdb_stdio.c:80:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_stdio_strlen1 = strlen(str);
data/codec2-0.9.2/stm32/src/gdb_stdio.c:89:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_stdio_strlen1 = strlen(file_name);
data/codec2-0.9.2/stm32/src/gdb_stdio.c:90:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_stdio_strlen2 = strlen(mode);
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:82:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buf) + strlen(tmp)) < BUF_SZ)
data/codec2-0.9.2/stm32/src/stm32f4_machdep.c:82:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buf) + strlen(tmp)) < BUF_SZ)
data/codec2-0.9.2/stm32/src/stm32f4_usart.c:56:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i=0; i<strlen(s); i++) {
data/codec2-0.9.2/stm32/stlink/elfsym.c:49:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((read(fd, base_ptr, elf_stats.st_size)) < elf_stats.st_size) {
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:129:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(f_cfg, &config[0], 8) != 8) {
data/codec2-0.9.2/stm32/unittest/src/tst_api_demod.c:190:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((nread = read(f_in, demod_in, (sizeof(short) * nin))) == (nin * sizeof(short))) {
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:143:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(f_cfg, &config[0], 8) != 8) {
data/codec2-0.9.2/stm32/unittest/src/tst_api_mod.c:253:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((num_read = read(f_in, speech_in, (sizeof(short) * n_speech_samples))) ==
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_dec.c:100:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(f_cfg, &config[0], 8) != 8) {
data/codec2-0.9.2/stm32/unittest/src/tst_codec2_enc.c:101:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(f_cfg, &config[0], 8) != 8) {
data/codec2-0.9.2/stm32/unittest/src/tst_ofdm_mod.c:196:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(sin, tx_bits_char, sizeof(char) * Nbitsperframe) == Nbitsperframe) {
ANALYSIS SUMMARY:
Hits = 863
Lines analyzed = 527161 in approximately 61.73 seconds (8540 lines/second)
Physical Source Lines of Code (SLOC) = 491338
Hits@level = [0] 1720 [1] 35 [2] 700 [3] 31 [4] 96 [5] 1
Hits@level+ = [0+] 2583 [1+] 863 [2+] 828 [3+] 128 [4+] 97 [5+] 1
Hits/KSLOC@level+ = [0+] 5.25707 [1+] 1.75643 [2+] 1.68519 [3+] 0.260513 [4+] 0.19742 [5+] 0.00203526
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.