Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/espeak-ng-1.50+dfsg/android/jni/include/Log.h
Examining data/espeak-ng-1.50+dfsg/android/jni/include/config.h
Examining data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c
Examining data/espeak-ng-1.50+dfsg/config.h
Examining data/espeak-ng-1.50+dfsg/emscripten/espeakng_glue.cpp
Examining data/espeak-ng-1.50+dfsg/src/compat/getopt.c
Examining data/espeak-ng-1.50+dfsg/src/include/compat/endian.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/getopt.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/math.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/stdint.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/stdio.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/string.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/strings.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/sys/stat.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/unistd.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/wchar.h
Examining data/espeak-ng-1.50+dfsg/src/include/compat/wctype.h
Examining data/espeak-ng-1.50+dfsg/src/include/espeak-ng/encoding.h
Examining data/espeak-ng-1.50+dfsg/src/include/espeak-ng/espeak_ng.h
Examining data/espeak-ng-1.50+dfsg/src/include/espeak-ng/speak_lib.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/encoding.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/error.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/error.h
Examining
data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_api.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/fifo.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/klatt.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/klatt.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrola.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/mnemonics.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/phoneme.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/phoneme.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/setlengths.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/setlengths.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/sintab.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/spect.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/spect.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/voice.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.h
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/fifo.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c
Examining data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.h
Examining data/espeak-ng-1.50+dfsg/src/speak-ng.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/case.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/categories.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/ctype.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/include/ucd/ucd.h
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/proplist.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/scripts.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/src/tostring.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c
Examining data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp
Examining data/espeak-ng-1.50+dfsg/src/espeak-ng.c
Examining data/espeak-ng-1.50+dfsg/tests/api.c
Examining data/espeak-ng-1.50+dfsg/tests/encoding.c
Examining data/espeak-ng-1.50+dfsg/tests/fuzzrunner.c
Examining data/espeak-ng-1.50+dfsg/tests/readclause.c
Examining data/espeak-ng-1.50+dfsg/tests/ssml-fuzzer.c
FINAL RESULTS:
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:244:4: [4] (format) fprintf: If
format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, illoptchar, optchar);
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:256:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, recargchar, optchar);
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:279:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, recargchar, optchar);
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:400:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ambig, (int)current_argv_len,
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:409:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, noarg, (int)current_argv_len,
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:441:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, recargstring, current_argv);
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:455:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, illoptstring, current_argv);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:282:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fname, "%s_%.2d%s", wavefile, wavefile_count+1, filetype);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:597:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filetype, extn);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:613:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(voicename, ESPEAKNG_DEFAULT_VOICE);
data/espeak-ng-1.50+dfsg/src/include/compat/stdio.h:35:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifndef snprintf
data/espeak-ng-1.50+dfsg/src/include/compat/stdio.h:36:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf
data/espeak-ng-1.50+dfsg/src/include/compat/stdio.h:36:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:345:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%c%s", path_home, PATHSEP, "phondata-manifest");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:377:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
if (sscanf(&buf[2], "%x %s", &value, name) == 2) {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:379:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:571:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(f_errors, format, args);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1227:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname_temp, tmpnam(NULL));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1233:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(msg, fname);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1238:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "sox \"%s/%s.wav\" -r %d -c1 -t wav %s\n", phsrc, fname2, samplerate_native, fname_temp);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1239:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(command) != 0)
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1480:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", phsrc, path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1483:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s.wav", phsrc, path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1529:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p2->string, path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1585:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, item_string);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1872:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, string);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2000:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(proc_names[n_procs], item_string);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2457:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(current_fname, stack[stack_ix].fname);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2469:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/%s", phsrc, item_string);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2473:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(stack[stack_ix].fname, current_fname);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2530:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phsrc, "%s", source_path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2532:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phsrc, "%s/../phsource", path_home);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2536:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phdst, "%s", destination_path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2538:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phdst, "%s", path_home);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2558:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/phonemes", phsrc);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2564:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", phsrc, "compile_report");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2572:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", phdst, "phondata-manifest");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2590:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", phdst, "phondata");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2600:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", phdst, "phonindex");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2611:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", phdst, "phontab");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2623:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/compile_prog_log", phsrc);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2742:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/../phsource/intonation.txt", path_home);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2744:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/../phsource/intonation", path_home);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2753:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tune_names[ix], preset_tune_names[ix]);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2797:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/intonations", path_home);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:186:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s", LookupMnemName(mnem_flags, stress + 0x40));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:198:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, " %s", name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:289:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&p[1], name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:306:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, suffix);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:356:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(p, buf);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:623:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&dict_line[(len_word)+2], encoded_ph);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:706:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s%s.txt", path, filename);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:708:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s%s", path, filename);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1082:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rule_match, group_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1098:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output, buf);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1111:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&output[len], rule_match);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1154:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&output[len], "%c%s", RULE_POST, rule_post);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1356:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rgroup[n_rgroups].name, group_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1548:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s%s_", dsource, dict_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1549:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname_in, "%srules.txt", path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1551:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname_in, "%srules", path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1556:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. sprintf(fname_out, "%s%c%s_dict", path_home, PATHSEP, dict_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1562:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname_temp, "%s%ctemp", path_home, PATHSEP);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:103:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. n = sscanf(buf, "%d %s %s %d %s %s", &control, phoneme, phoneme2, &percent, name1, name2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:126:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrola_voice, basename(filepath));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:127:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/mbrola_ph/%s_phtrans", path_home, mbrola_voice);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:219:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s%c%s_dict", path_home, PATHSEP, name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:465:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phon_out, "(%s)", p);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:493:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(phon_out, p);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:649:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&phon_out_buf[phon_out_ix], phon_buf);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:980:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)phonetic, word);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1563:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(string, ph);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2248:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, str_pause);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2347:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phonemes, "%c%s", phonSWITCH, WordToString2(tr->langopts.alt_alphabet_lang));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2352:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(phonemes, "%c%s", phonSWITCH, WordToString2(alphabet->language));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2392:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(phonemes, match1.phonemes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2410:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end_phonemes, match1.phonemes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2627:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(phonetic, p);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2935:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&word_replacement[2], "%s ", ph_out); // replacement word, preceded by zerochar and space
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2985:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_out, word_phonemes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:125:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mbr_errorbuf, sizeof(mbr_errorbuf), errmsg, params);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:208:3: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("mbrola", "mbrola", "-e", "-v", charbuf,
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:456:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_buf, ph_accent2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:464:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_buf, "%s%c%s%c%s%s", ph_accent1, phonPAUSE_VSHORT, ph_letter1, phonSTRESS_P, ph_letter2, ph_accent2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:467:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_buf, ph_letter1);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:469:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_buf, "%s%c%c%s", ph_accent1, phonPAUSE_VSHORT, phonSTRESS_P, ph_letter1);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:471:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_buf, "%c%s%c%s%c", phonSTRESS_2, ph_letter1, phonPAUSE_VSHORT, ph_accent1, phonPAUSE_VSHORT);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:538:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_buf1, ph_buf3);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:740:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(phonemes, ph_buf);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:771:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(ph_buf2, ph_alphabet);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:779:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&ph_alphabet[3], ph_buf2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:892:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pbuf, pause_string);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:900:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_buf2, "%c%s%s%s", 0xff, ph_alphabet, ph_buf, capital);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:902:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_buf2, "%c%s%s%s", 0xff, ph_alphabet, capital, ph_buf); // the 0xff marker will be removed or replaced in SetSpellingStress()
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:904:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&phonemes[len], ph_buf2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1106:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_out, ph_roman);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1110:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(number_chars, " %d %s ", acc, tr->langopts.roman_suffix);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1138:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, ph_roman);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1229:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_%s%do", M_Variant(value), thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1234:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_%s%de", M_Variant(value), thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1239:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_%s%dx", M_Variant(value), thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1244:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_%s%d", M_Variant(value), thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1265:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s", ph_of, ph_thousands);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1316:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_out, digit_lookup);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1328:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_ordinal, ph_ordinal2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1334:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_ordinal, ph_ordinal2x); // alternate pronunciation (lang=an) data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1388:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_tens, ph_ordinal2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1413:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_digits, digit_lookup); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1465:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s%s%s", ph_digits, ph_and, ph_tens, ph_ordinal); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1467:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s%s%s", ph_tens, ph_and, ph_digits, ph_ordinal); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1482:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ix = sprintf(ph_out, "%s%s", ph_tens, ph_digits); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1485:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(&ph_out[ix], "%s", ph_ordinal); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1487:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s%s", ph_tens, ph_digits, ph_ordinal); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1594:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_thousands, "%s%c%s%c", ph_10T, phonEND_WORD, ph_digits, phonEND_WORD); // say "thousands" before its number, not after data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1596:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_thousands, "%s%c%s%c", ph_digits, phonEND_WORD, ph_10T, phonEND_WORD); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1623:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_digits, ph_ordinal2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1660:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf1, "%s%s%s%s", ph_thousands, ph_thousand_and, ph_digits, ph_100); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1709:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, ph_ordinal2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1713:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(ph_out, "%s%s%c%s", buf1, ph_hundred_and, phonEND_WORD, buf2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1826:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_#%s", suffix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1832:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "_x#%s", suffix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1967:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s%c%s%s", ph_zeros, ph_append, phonEND_WORD, ph_buf2, ph_buf); // say "thousands" before its number data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1969:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ph_out, "%s%s%s%c%s", ph_zeros, ph_buf2, ph_buf, phonEND_WORD, ph_append); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1989:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1995:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2010:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2012:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_buf, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2014:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, ph_buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2021:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2032:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2041:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&ph_out[len], "%c%s", phonEND_WORD, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2046:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2050:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(ph_out, buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2064:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ph_out, str_pause); // don't add pause for 100s, 6th, etc. data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:212:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text_out, "[\002%s]]", phonemes2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:275:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "[\002_^_%s %s _^_%s]]", "en", phonemes2, WordToString2(tr->translator_name)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:280:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "[\002%s]] ", phonemes2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:321:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname2, "%s%csoundicons%c%s", path_home, PATHSEP, PATHSEP, fname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:351:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname_temp, tmpnam(NULL)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:354:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "sox \"%s\" -r %d -c1 -t wav %s\n", fname, samplerate, fname_temp); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:355:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
Try using a library call that implements the same functionality if available. if (system(command) == 0) data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:435:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(soundicon_tab[slot].filename, fname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:486:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, " %s", punctname); // we need the space before punctname, to ensure it doesn't merge with the previous word (eg. "2.-a") data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:493:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, " %s", punctname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:494:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, buf2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:499:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, buf2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:502:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, " %s %d %s", data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:519:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(&output[*bufix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:585:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sp->language, v->languages); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:671:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, ungot_word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:728:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ungot_string, "%s%c%c", &xml_buf2[0], c1, c2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:796:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(voice_change, current_voice_id); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:915:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text_buf, "%s", text_buf2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:918:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&buf[ix], text_buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:1036:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p2, "%s", LookupCharName(tr, c1, 1)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:368:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path_home, PATH_ESPEAK_DATA); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:219:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(voice_name, ssml_stack[0].voice_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:220:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(language, ssml_stack[0].language); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:232:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(voice_name, sp->voice_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:239:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(language, sp->language); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:246:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(language, &base_voice->languages[1]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:272:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s+%s", v_id, base_voice_variant_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:374:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(current_voice_id, new_voice_id); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:423:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&outbuf[*outix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:750:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&outbuf[*outix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:794:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&outbuf[*outix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:808:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", xmlbase, buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:814:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&outbuf[*outix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:823:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&outbuf[*outix], buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:88:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(path, "%s/mbrola/%s", path_home, mbrola_voice); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:93:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "/usr/share/mbrola/%s", mbrola_voice); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:96:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "/usr/share/mbrola/%s/%s", mbrola_voice, mbrola_voice); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:100:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "/usr/share/mbrola/voices/%s", mbrola_voice); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:113:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/mbrola_ph/%s", path_home, phtrans); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:143:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbrola_name, mbrola_voice); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:281:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(output, buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:297:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(output, buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:305:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(output, buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:309:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(output, buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:395:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%s\t", WordToString(name)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:419:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%d\t%s", len, pitch); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:425:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%d\t%s", len1, pitch); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:428:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%s\t%d\t%s", WordToString(name2), len-len1, pitch); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:480:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%d\n%s\t", len1, WordToString(name2)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:483:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
ptr += sprintf(ptr, "%d%s\n", len, final_pitch); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:75:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%c%s", path_home, PATHSEP, fname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:413:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%c%s", path_home, PATHSEP, "config"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:423:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. ix = sscanf(&buf[10], "_%c %s", &c1, string); data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:476:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tr->dictionary_name, name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:467:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:653:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_out, word1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:682:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:738:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:770:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, unpron_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:793:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:805:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:832:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(phonemes, phonemes2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:833:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end_phonemes, end_phonemes2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:882:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(prefix_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:887:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prefix_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:893:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(prefix_phonemes, end_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:909:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:917:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(phonemes2, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:935:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:953:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:965:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(phonemes, phonemes2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:974:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end_phonemes2, end_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:976:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(end_phonemes, end_phonemes2); // add the phonemes for the previous suffixes after this one data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:991:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1071:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&word_phonemes[ix], end_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1171:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word+2, word_out); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1286:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(translator2_language, new_language); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1443:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ph_buf, word_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1461:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(word_phonemes, ph_buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1483:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(old_dictionary_name, dictionary_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1520:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dictionary_name, old_dictionary_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1714:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dictionary_name, old_dictionary_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:313:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(p, "%s %d", vlanguage, &priority); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:319:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&languages[langix+1], vlanguage); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:325:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(p, "%s %d", vgender, &age); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:347:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&p[langix], fname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:353:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&p[langix], vname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:462:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. n = sscanf(p, "%d %s %s", &flags, phon_string1, phon_string2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:535:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, vname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:540:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(voicename, ESPEAKNG_DEFAULT_VOICE); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:542:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(path_voices, "%s%cvoices%c", path_home, PATHSEP, PATHSEP);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:543:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s%s", path_voices, voicename); // look in the main voices directory
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:546:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(path_voices, "%s%clang%c", path_home, PATHSEP, PATHSEP);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:547:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s%s", path_voices, voicename); // look in the main languages directory
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:567:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(translator_name, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:568:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(new_dictionary, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:569:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(phonemes_name, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:584:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "+%s", &vname[3]); // omit !v/ from the variant filename
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:585:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(voice_identifier, buf);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:615:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s %d", language_name, &priority);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:624:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(&voice_languages[langix+1], language_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:632:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(translator_name, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:633:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(new_dictionary, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:634:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(phonemes_name, language_type);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:656:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s %d", vgender, &age);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:664:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s", translator_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:673:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s", new_dictionary);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:676:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s", phonemes_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:709:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
n = sscanf(p, "%s %s %s %s %s %s", names[0], names[1], names[2], names[3], names[4], names[5]);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:779:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
if (((sscanf(p, "%s %d %d", option_name, &value, &value2) >= 2) && ((ix = LookupMnem(options_tab, option_name)) >= 0)) ||
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:843:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(p, "%s %s %d", name1, name2, &srate);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:960:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(variant_name, "%s%s", variant_prefix, p);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:967:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(variant_name, "%sm%d", variant_prefix, variant_num); // male
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:969:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(variant_name, "%sf%d", variant_prefix, variant_num-10); // female
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1170:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s/voices/%s", path_home, language);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1227:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(last_part, "%c%s", PATHSEP, name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1302:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(voice_id, "%s+%s", vp->identifier, variant_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1379:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(voice_id, "%s+%s", vp->identifier, variant_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1398:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fname, "%s\\*", path);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1410:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fname, "%s%c%s", path, PATHSEP, FindFileData.cFileName);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1447:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fname, "%s%c%s", path, PATHSEP, ent->d_name);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1603:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(path_voices, "%s%cvoices", path_home, PATHSEP);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1606:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(path_voices, "%s%clang", path_home, PATHSEP);
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:48:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
__weak_alias(getopt,_getopt)
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:60:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
__weak_alias(getopt_long,_getopt_long)
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:66:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
Check environment variables carefully before using them.
#define IS_POSIXLY_CORRECT (getenv("POSIXLY_CORRECT") != NULL)
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:300:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
getopt(int nargc, char * const *nargv, const char *options)
data/espeak-ng-1.50+dfsg/src/compat/getopt.c:331:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
getopt_long(int nargc, char * const *nargv, const char *options,
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:371:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
c = getopt_long(argc, argv, "a:b:d:f:g:hk:l:mp:qs:v:w:xXz",
data/espeak-ng-1.50+dfsg/src/include/compat/getopt.h:26:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
#include_next <getopt.h>
data/espeak-ng-1.50+dfsg/src/include/compat/getopt.h:44:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
getopt_long(int nargc, char * const *nargv, const char *options,
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1227:22: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377).
strcpy(fname_temp, tmpnam(NULL));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:351:23: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377).
strcpy(fname_temp, tmpnam(NULL));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:347:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (check_data_path(getenv("ESPEAK_DATA_PATH"), 1))
data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:361:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (check_data_path(getenv("ESPEAK_DATA_PATH"), 1))
data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:364:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (check_data_path(getenv("HOME"), 0))
data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:188:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char gender_buf[12];
data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:189:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char age_buf[12];
data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:195:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gender_buf, "%d", v->gender);
data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:196:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(age_buf, "%d", v->age);
data/espeak-ng-1.50+dfsg/emscripten/espeakng_glue.cpp:69:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE* f_phonemes_out = fopen(virtualFileName,"wb");
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:128:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filetype[5];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:129:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char wavefile[200];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char age_buf[12];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[80];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:146:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char genders[4] = { '-', 'M', 'F', '-' };
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:168:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(age_buf, " --");
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:170:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(age_buf, "%3d", v->age);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:204:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char wave_hdr[44] = {
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:224:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f_wavfile = fopen(path, "wb");
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[210];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[200];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char voicename[40];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:360:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char devicename[200];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:362:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
wchar_t option_punctlist[N_PUNCTLIST];
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:397:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
option_capitals = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:409:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
pitch = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:418:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
option_linelength = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:421:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
volume = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:424:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
speed = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:427:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
wordgap = atoi(optarg2);
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:444:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(wavefile, "stdout");
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:474:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
samples_split_seconds = atoi(optarg2) * 60;
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:480:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((f_phonemes_out = fopen(optarg2, "w")) == NULL)
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:490:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
switch (atoi(optarg2))
data/espeak-ng-1.50+dfsg/src/espeak-ng.c:678:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f_text = fopen(filename, "r");
data/espeak-ng-1.50+dfsg/src/include/espeak-ng/speak_lib.h:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char string[8]; // used for phoneme names (UTF8). Terminated by a zero byte unless the name needs the full 8 bytes.
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:59:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char phsrc[sizeof(path_home)+40]; // Source: path to the 'phonemes' source file.
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:327:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char proc_names[N_ITEM_STRING+1][N_PROCS];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[sizeof(path_home)+40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[120];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:346:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((f = fopen(buf, "r")) == NULL)
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:417:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char current_fname[80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:426:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char string[1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:433:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char envelope_paths[N_ENVELOPES][80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:434:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char envelope_dat[N_ENVELOPES][ENV_LEN];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:470:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char item_string[N_ITEM_STRING];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:549:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
procedure_num = atoi(WordToString(prev_mnemonic));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char message[512];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[sizeof(path_home)+20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_temp[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[120]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[sizeof(path_home)+250]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1223:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname_temp, "/tmp/espeakXXXXXX"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1224:18: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). 
if ((fd_temp = mkstemp(fname_temp)) >= 0) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1255:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname_temp, "rb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1358:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(envelope_dat[n_envelopes], buf, sizeof(envelope_dat[0])); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_buf[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1394:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char env[ENV_LEN]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1437:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(envelope_dat[n_envelopes], env, ENV_LEN); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+150]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1482:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(buf, "rb")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1484:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(buf, "rb")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[N_ITEM_STRING]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1865:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1914:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(phoneme_out, ph, sizeof(PHONEME_TAB)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1977:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number_buf[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1978:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipa_buf[N_ITEM_STRING+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2002:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(number_buf, "%.3dP", n_procs); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2115:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(number_buf, p, 4); // U+ should be followed by 4 hex digits data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2419:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(phoneme_tab2, phoneme_tab_list2[ix].phoneme_tab_ptr, sizeof(PHONEME_TAB)*N_PHONEME_TAB); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2440:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+120]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2471:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stack_ix < N_STACK) && (f = fopen(buf, "rb")) != NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2526:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[sizeof(path_home)+40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phdst[sizeof(path_home)+40]; // Destination: path to the phondata/phontab/phonindex output files. data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2560:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_in = fopen(fname, "rb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2565:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). f_report = fopen(fname, "w"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2573:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_phcontents = fopen(fname, "w")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2591:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_phdata = fopen(fname, "wb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2601:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_phindex = fopen(fname, "wb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2612:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_phtab = fopen(fname, "wb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2624:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f_prog_log = fopen(fname, "wb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2735:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tune_names[N_TUNE_NAMES][12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2737:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+150]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2743:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_in = fopen(buf, "r")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2745:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f_in = fopen(buf, "r")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2798:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_out = fopen(buf, "wb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2815:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_tune, &default_tune, sizeof(TUNE)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2846:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tune_data[tune_number], &new_tune, sizeof(TUNE)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char word_phonemes[N_WORD_PHONEMES]; // a word translated into phoneme codes data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *hash_chains[N_HASH_DICT]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:66:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char letterGroupsDefined[N_LETTER_GROUPS]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[LEN_GROUP_NAME+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pre[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:225:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char output[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:265:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " ("); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:299:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(suffix, "%c%d", suffix_char, rule[2] & 0x7f); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:303:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&suffix[strlen(suffix)], "%c", flag_chars[ix]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:338:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "%5d:\t", linenum); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:342:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "?%d ", condition_num); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:400:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char flag_codes[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encoded_ph[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:402:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bad_phoneme_str[4]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:614:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dict_line[2], word, len_word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:646:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dict_line[length], multiple_string, ix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:665:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p2, p, sizeof(char *)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:686:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p, p, sizeof(char *)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:699:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[sizeof(path_home)+45]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:701:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dict_line[256]; // length is uint8_t, so an entry can't take up more than 256 bytes data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:707:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_in = fopen(fname, "r")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:709:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_in = fopen(fname, "r")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:733:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p, &hash_chains[hash], sizeof(char *)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:736:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p+sizeof(char *), dict_line, length); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:746:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rule_cond[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:747:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rule_pre[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:748:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rule_post[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:749:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rule_match[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:750:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rule_phonemes[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:751:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char group_name[LEN_GROUP_NAME+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:770:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *outbuf[5] = { rule_cond, rule_pre, rule_match, rule_post, rule_phonemes }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:825:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char lettergp_letters[9] = { LETTERGP_A, LETTERGP_B, LETTERGP_C, 0, 0, LETTERGP_F, LETTERGP_G, LETTERGP_H, LETTERGP_Y }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1022:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[150]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1025:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bad_phoneme_str[4]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1124:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ix = atoi(&rule_cond[1]) + 32; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1127:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ix = atoi(rule_cond); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prule, output, len); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *items[N_LETTERGP_ITEMS]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1245:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char item_length[N_LETTERGP_ITEMS]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1254:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). group = atoi(&p[0]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[500]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1330:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rules[N_RULES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1339:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f_temp = fopen(fname_temp, "wb")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1475:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_temp = fopen(fname_temp, "rb")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_in[sizeof(path_home)+45]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1530:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_out[sizeof(path_home)+15]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1531:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_temp[sizeof(path_home)+15]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1532:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
    char path[sizeof(path_home)+40]; // path_dsource+20
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1550:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f_in = fopen(fname_in, "r")) == NULL) {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1552:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f_in = fopen(fname_in, "r")) == NULL)
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1557:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f_out = fopen(fname_out, "wb+")) == NULL) {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char phoneme[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char phoneme2[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name1[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name2[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mbrola_voice[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[sizeof(path_home)+30];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:89:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f_in = fopen(filepath, "r")) == NULL)
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:99:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    mbrola_ctrl = atoi(&buf[6]);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:128:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f_out = fopen(buf, "wb")) == NULL)
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:54:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dictionary_name[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:62:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char remove_accent[N_REMOVE_ACCENT] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fname[sizeof(path_home)+20];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:227:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362).
    f = fopen(fname, "rb");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:406:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(outptr, "* ");
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:555:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char phon_buf[30];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char phon_buf2[30];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:769:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ph_buf[N_WORD_PHONEMES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:977:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char phonetic[N_WORD_PHONEMES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:978:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    signed char vowel_stress[N_WORD_PHONEMES/2];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1052:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    signed char vowel_stress[N_WORD_PHONEMES/2];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char syllable_weight[N_WORD_PHONEMES/2];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1054:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char vowel_length[N_WORD_PHONEMES/2];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1055:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char phonetic[N_WORD_PHONEMES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1057:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char consonant_types[16] = { 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0 };
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1231:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char guess_ru[16] = { 0, 0, 1, 1, 2, 3, 3, 4, 5, 6, 7, 7, 8, 9, 10, 11 };
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1232:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char guess_ru_v[16] = { 0, 0, 1, 1, 2, 2, 3, 3, 4, 5, 6, 7, 7, 8, 9, 10 }; // for final phoneme is a vowel
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1233:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char guess_ru_t[16] = { 0, 0, 1, 2, 3, 3, 3, 4, 5, 6, 7, 7, 7, 8, 9, 10 }; // for final phoneme is an unvoiced stop
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1620:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char word_buf[N_WORD_BYTES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1824:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(word_buf, word_start-1, ix);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2013:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(word_buf, word_start-1, ix);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2138:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&best, &match, sizeof(match));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2145:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char decoded_phonemes[80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(match_out, &best, sizeof(MatchRecord));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ph_buf[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char word_copy[N_WORD_BYTES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2197:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char str_pause[2] = { phonPAUSE_NOLINK, 0 };
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char wordbuf[120];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2241:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[8];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2242:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2244:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&string[1], p, wc_bytes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2285:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&match1, &match2, sizeof(MatchRecord));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2306:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(phonemes, "%cen", phonSWITCH);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2411:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p_start, word_copy, strlen(word_copy));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2421:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p_start, word_copy, strlen(word_copy));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[N_WORD_BYTES+1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2541:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(text, buf, ix);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char word_buf[N_WORD_BYTES+1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dict_flags_buf[80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2795:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ph_decoded[N_WORD_PHONEMES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2810:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(word_buf, word2, word_end-word2);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2843:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char word[N_WORD_BYTES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2844:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char word_replacement[N_WORD_BYTES];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2852:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&word[length], word2, nbytes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2862:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&word[length], word2, nbytes);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2942:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(word, word1, len); // include multiple matching words
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2959:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern char word_phonemes[N_WORD_PHONEMES]; // a word translated into phoneme codes
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2969:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char text[80];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2993:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[100];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:3020:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ending[50] = {0};
data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:3043:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(word_copy, word, i);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/error.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char error[512];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c:51:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a_text, text, size);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a_text, text, size);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c:187:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a_list, punctlist, len);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c:222:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(data, voice, sizeof(espeak_VOICE));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.c:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a_event, event, sizeof(espeak_EVENT));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.c:142:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&events[0], event, sizeof(espeak_EVENT)); // the event parameter in the callback function should be an array of eventd
data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.c:143:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&events[1], event, sizeof(espeak_EVENT));
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[4];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:600:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[4];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hex[8+1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:625:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[8];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:647:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[8];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:648:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hex[16+1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:675:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[12];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:711:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[12];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:712:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hex[24+1];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/ieee80.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bytes[12];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:67:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char env_fall[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:78:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char env_rise[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:89:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char env_frise[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:100:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_r_frise[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:111:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_frise2[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:122:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_r_frise2[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:133:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_risefall[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:144:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_rise2[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:155:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char env_fall2[128] = {
data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:166:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char env_fallrise3[128] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:177:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char env_fallrise4[128] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:188:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char env_risefallrise[128] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:199:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *envelope_data[N_ENVELOPE_DATA] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/intonation.c:547:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static signed char continue_tab[5] = { -26, 32, 20, 8, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrola.h:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char mbrola_name[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:105:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mbr_errorbuf[160]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; // 1 or more, dynamically allocated data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charbuf[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:219:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mbr_proc_stat = open(charbuf, O_RDONLY); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msgbuf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:395:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->buffer, cmd + result, len - result); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:411:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; // looking for "12345 (mbrola) S" so 20 is plenty data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:524:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char wavhdr[45]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummybuf[4096]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char single_letter[10]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_letter1[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:421:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_letter2[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_accent1[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_accent2[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:483:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char single_letter[10] = { 0, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf3[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:507:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ph_buf1, "%c", phonSWITCH); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:515:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&single_letter[1], "_#%d ", letter); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char capital[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ph_buf2[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:693:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_alphabet[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:694:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexbuf[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:802:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hangul_buf[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:879:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hexbuf, "%x", letter); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:916:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:959:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char ph_ordinal2[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:960:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ph_ordinal2x[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1039:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_roman[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1040:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number_chars[N_WORD_BYTES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_of[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ph_thousands[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ph_buf[40];
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1201:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "_%dM%do", value, thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1206:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "_%dM%de", value, thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1211:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "_%dM%dx", value, thousandplex);
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1216:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "_%dM%d", value, thousandplex);
[Reviewer note, not Flawfinder output: "constant maximum length" is a judgement about the format string only (it contains no unbounded %s); Flawfinder does not compare the formatted length with the destination size. In the four findings at numbers.c:1201-1216 the destination is presumably the 12-byte `char string[12]` reported at numbers.c:1189, while two %d conversions plus the literal characters can need up to 26 bytes with a 32-bit int. These calls fit only if `value` and `thousandplex` are range-limited by the surrounding code, which this report does not show; confirm that in the source, or bound the write with snprintf(string, sizeof(string), ...) and check the return value for truncation.]
data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1248:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "_0M%d", thousandplex-1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1257:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dM1", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[12]; // for looking up entries in *_list data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_ordinal[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_tens[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_digits[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_and[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1322:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dfx", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1324:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%df", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1331:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%d%cx", value, ord_type); // LANG=hu, special word for 1. 2. when there are no higher digits data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1338:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%d%c", value, ord_type); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1349:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%de", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1355:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%do", value); // LANG=TA data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1357:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(string, "_%da", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1365:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%d", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1382:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dX%c", tens, ord_type); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1394:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dXf", tens); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1396:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dX", tens); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1403:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dX", tens & 0xfe); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1419:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%df", units); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1424:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(string, "_%d%c", units, ord_type); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1431:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%de", units); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1436:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%do", units); // LANG=TA, only for 100s, 1000s data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1438:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%da", units); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1443:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%d", units); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[12]; // for looking up entries in **_list data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1536:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf1[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1538:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_100[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1539:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_10T[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1540:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_digits[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1541:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_thousands[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1542:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_hundred_and[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1543:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_thousand_and[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1617:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dCo", hundreds); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1635:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dC0", hundreds); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1640:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_%dC", hundreds); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1760:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[32]; // for looking up entries in **_list data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1762:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_append[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1763:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf2[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_zeros[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1766:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char suffix[30]; // string[] must be long enough for sizeof(suffix)+2 data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1767:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_digit_lookup[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1769:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char str_pause[2] = { phonPAUSE_NOLINK, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1779:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = this_value = atoi(word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1914:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_0M%d", thousandplex+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1916:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_0M%d", thousandplex); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1945:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(string, "_%dn", value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1994:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LookupNum3(tr, atoi(&word[n_digits]), buf1, false, 0, 0); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2002:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LookupNum3(tr, atoi(&word[n_digits]), ph_buf, false, 0, 0); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2005:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "_0Z%d", decimal_count); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2020:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LookupNum3(tr, atoi(&word[n_digits]), buf1, false, 0, 0); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2028:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(string, "_%cd", word[n_digits]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/phoneme.h:254:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char phoneme_tab_flags[N_PHONEME_TAB]; // bit 0: not inherited data/espeak-ng-1.50+dfsg/src/libespeak-ng/phoneme.h:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[N_PHONEME_TAB_NAME]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.c:40:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char pause_phonemes[8] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.c:102:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&plist_out[n_plist_out], plist2, sizeof(PHONEME_LIST2)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.c:178:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&plist2[j-delete_count], &plist2[j], sizeof(plist2[0])); data/espeak-ng-1.50+dfsg/src/libespeak-ng/phonemelist.c:323:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ph_list3[k-1], &ph_list3[k], sizeof(*plist3)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:77:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char base_voice_variant_name[40] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:78:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char current_voice_id[40] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:189:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[5]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes[55]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char phonemes2[55]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char single_letter[24]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes2[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:230:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:283:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "[\002(X1)(X1)(X1)]]"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_temp[100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname2[sizeof(path_home)+13+40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:326:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(fname, "rb")) != NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[sizeof(fname2)+sizeof(fname2)+40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:347:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname_temp, "/tmp/espeakXXXXXX"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:348:19: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. 
Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((fd_temp = mkstemp(fname_temp)) >= 0) data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:361:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "rb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:376:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((p = (char *)realloc(soundicon_tab[index].data, length)) == NULL) { [Reviewer note: the flagged token is the `(char *)` cast on the realloc() result, not an array declaration, so the static-array rule text does not describe this line; the hit appears to come from the `[index]` subscript later on the line.] data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:434:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. soundicon_tab[slot].filename = (char *)realloc(soundicon_tab[ix].filename, strlen(fname)+1); [Reviewer note: again a `(char *)` cast rather than an array. What is worth checking in the source is that the realloc() result is stored straight into the table with no NULL check visible on this line, and that the pointer of entry `[ix]` is reallocated into entry `[slot]`; if the two indices can differ, `[ix]` may be left holding a stale pointer.] data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:453:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:462:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\001%dI ", soundicon); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:490:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\001+10S"); // Speak punctuation name faster, unless we are already speaking fast. It would upset Sonic SpeedUp data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:498:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, " \001-10S"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:570:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&namedata[ix = namedata_ix], name, len); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:652:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
wchar_t xml_buf[N_XML_BUF+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xml_buf2[N_XML_BUF2+2]; // for &<name> and &<number> sequences data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:656:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ungot_string[N_XML_BUF2+4]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:834:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(&buf[ix], " "); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:912:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text_buf[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:913:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text_buf2[30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/spect.c:50:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[10]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/spect.c:295:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *stream = fopen(filename, "rb"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/spect.h:80:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char env[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:89:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_home[N_PATH_HOME]; // this is the espeak-ng-data directory data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:345:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buf[sizeof(path_home)-13]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:640:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:644:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "<say-as interpret-as=\"tts:char\">&#%d;</say-as>", character); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.h:74:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char path_home[N_PATH_HOME]; // this is the espeak-ng-data directory data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:203:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *VoiceFromStack(SSML_STACK *ssml_stack, int n_ssml_stack, espeak_VOICE *base_voice, char base_voice_variant_name[40]) data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:203:103: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char *VoiceFromStack(SSML_STACK *ssml_stack, int n_ssml_stack, espeak_VOICE *base_voice, char base_voice_variant_name[40]) [Reviewer note: both ssml.c:203 findings quote this same line. Column 14 is the `const char *` return type, which is not an array. Column 103 is the parameter `char base_voice_variant_name[40]`, which C adjusts to `char *`: the 40 is not enforced, `sizeof` inside the function yields the pointer size, and the callee depends on every caller passing a buffer of at least 40 bytes.] data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:215:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:286:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static wchar_t empty[1] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:312:31: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static int GetVoiceAttributes(wchar_t *pw, int tag_type, SSML_STACK *ssml_sp, SSML_STACK *ssml_stack, int n_ssml_stack, char current_voice_id[40], espeak_VOICE *base_voice, char *base_voice_variant_name) data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:312:121: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int GetVoiceAttributes(wchar_t *pw, int tag_type, SSML_STACK *ssml_sp, SSML_STACK *ssml_stack, int n_ssml_stack, char current_voice_id[40], espeak_VOICE *base_voice, char *base_voice_variant_name) [Reviewer note: both ssml.c:312 findings quote this same line. Column 31 is `wchar_t *pw`, a pointer rather than an array; the hit appears to come from the `[40]` later on the line. Column 121 is the parameter `char current_voice_id[40]`, which is received as `char *`, so the declared size is documentation only and is not checked by the compiler.] data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:387:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:389:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cmd_letter[N_SPEECH_PARAM] = { 0, 'S', 'A', 'P', 'R', 0, 'C', 0, 0, 0, 0, 0, 'F' }; // embedded command letters data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:418:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "%c%d%c", CTRL_EMBEDDED, value, cmd_letter[param]); [Reviewer note: "constant maximum length" is only safe relative to the destination size. With a 32-bit int, `%d` can expand to 11 characters, so this call writes at most 14 bytes including the terminator; confirm in the source that `buf` here is the `char buf[20]` reported at ssml.c:387. The same size check applies to the other `%d` sprintf findings in this report.] data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:575:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:636:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *prosody_attr[5] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:749:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c%dY", CTRL_EMBEDDED, value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:793:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c%dM", CTRL_EMBEDDED, index); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:803:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fname[256]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:813:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c%dI", CTRL_EMBEDDED, index); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:822:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c%dU", CTRL_EMBEDDED, index); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:850:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&outbuf[*outix], "%c%dB", CTRL_EMBEDDED, value); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.h:41:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char voice_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.h:42:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mbrola_name[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[sizeof(path_home)+15]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:117:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_in = fopen(path, "rb")) == NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:243:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char output[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:280:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " 0 %d", p1/4096); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:296:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, " %d %d", y2, p2/4096); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:304:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %d %d", env100, p_end); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:308:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %d %d", 100, p_end); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:314:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(output, "\t100 %d\n", p_end); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbr_buf[120]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:390:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phoneme_name[16]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:488:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
ptr += sprintf(ptr, "_ \t%d\n", PauseLength(pause, 0)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:50:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char phoneme_tab_flags[N_PHONEME_TAB]; // bit 0: not inherited data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:80:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_in = fopen(buf, "rb")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(phoneme_tab_list[ix].name, p, N_PHONEME_TAB_NAME); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:402:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+10]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:406:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[200]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:414:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(buf, "r")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:724:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char n_words[16] = { 0, 1, 0, 0, 1, 1, 0, 1, 1, 2, 4, 0, 0, 0, 0, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthdata.c:987:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&worddata->prev_vowel, &plist[0], sizeof(PHONEME_LIST)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.c:86:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[5]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.c:470:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frame2, frame1, sizeof(frame_t)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.c:1075:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(v2, v, sizeof(voice_t)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.c:1155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phoneme_name[16]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:108:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fheight[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:109:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fwidth[6]; // width/4 f0-5 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:110:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fright[3]; // width/4 f0-2 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:111:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bw[4]; // Klatt bandwidth BNZ /2, f1,f2,f3 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:112:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char klattp[5]; // AV, FNZ, Tilt, Aspr, Skew data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:113:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char klattp2[5]; // continuation of klattp[], Avp, Fric, FricBP, Turb data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:114:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char klatt_ap[7]; // Klatt parallel amplitude data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:115:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char klatt_bp[7]; // Klatt parallel bandwidth /2 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:124:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char fheight[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:125:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fwidth[6]; // width/4 f0-5 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:126:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fright[3]; // width/4 f0-2 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:127:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bw[4]; // Klatt bandwidth BNZ /2, f1,f2,f3 data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:128:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char klattp[5]; // AV, FNZ, Tilt, Aspr, Skew data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ipa_string[18]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:360:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char flags[4]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:361:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char head_extend[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:378:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char unstr_start[3]; // for: onset, head, last data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:379:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
signed char unstr_end[3]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:398:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char spare[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:413:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char env_fall[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:414:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char env_rise[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:415:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char env_frise[128]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:418:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern unsigned char pitch_adjust_tab[MAX_PITCH_VALUE+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/synthesize.h:478:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char *envelope_data[N_ENVELOPE_DATA]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:217:15: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const wchar_t empty_wstring[1] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:218:15: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const wchar_t punct_in_word[2] = { '\'', 0 }; // allow hyphen within words data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:219:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char default_tunes[6] = { 0, 1, 2, 3, 0, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:316:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char punctuation_to_tone[INTONATION_TYPES][PUNCT_INTONATIONS] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:463:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_equal[8] = { 19, 19, 19, 19, 19, 19, 19, 19 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:466:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_fr[8] = { 18, 16, 18, 18, 18, 18, 18, 18 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:468:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_sk[8] = { 17, 16, 20, 20, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:473:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_ta[8] = { 18, 18, 18, 18, 20, 20, 22, 22 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:538:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_bn[8] = { 18, 18, 18, 18, 20, 20, 22, 22 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:539:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char bn_consonants2[3] = { 0x70, 0x71, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:577:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_cy[8] = { 17, 15, 18, 18, 0, 0, 22, 20 }; // 'diminished' is used to mark a quieter, final unstressed syllable data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:656:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_el[8] = { 15, 12, 20, 20, 20, 22, 22, 21 }; // 'diminished' is used to mark a quieter, final unstressed syllable data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:698:16: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const wchar_t eo_char_apostrophe[2] = { 'l', 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:720:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_es[8] = { 16, 14, 15, 16, 20, 20, 22, 22 }; // 'diminished' is used to mark a quieter, final unstressed syllable data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:761:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_eu[8] = { 16, 16, 18, 18, 18, 18, 18, 18 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:802:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_fi[8] = { 18, 16, 22, 22, 20, 22, 22, 22 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:864:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_hi[8] = { 17, 14, 20, 19, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:896:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_hr[8] = { 17, 17, 20, 20, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:900:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->dictionary_name, "hbs"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:930:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_hu[8] = { 17, 17, 19, 19, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:981:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_id[8] = { 16, 18, 18, 18, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1013:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_it[8] = { 17, 15, 18, 16, 20, 22, 22, 22 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1072:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_tr[8] = { 18, 16, 20, 21, 20, 21, 21, 20 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1123:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_ku[8] = { 18, 18, 20, 20, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1165:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_lv[8] = { 14, 10, 10, 8, 0, 0, 20, 15 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1184:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_mk[8] = { 17, 17, 20, 20, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1247:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char stress_amps_pl[8] = { 17, 13, 19, 19, 20, 22, 22, 21 }; // 'diminished' is used to mark a quieter, final unstressed syllable data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1265:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_pt[8] = { 16, 11, 19, 21, 20, 22, 22, 21 }; // 'diminished' is used to mark a quieter, final unstressed syllable data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1285:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_ro[8] = { 15, 13, 18, 18, 20, 22, 22, 21 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1380:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stress_amps_sq[8] = { 16, 12, 16, 16, 20, 20, 21, 19 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/tr_languages.c:1462:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char stress_amps_tr[8] = { 18, 16, 20, 21, 20, 21, 21, 20 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char translator2_language[20] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:69:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char skip_marker[N_MARKER_LENGTH]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word_phonemes[N_WORD_PHONEMES]; // a word translated into phoneme codes data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:91:1: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t option_punctlist[N_PUNCTLIST] = { 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char source[N_TR_SOURCE+40]; // extra space for embedded command & voice change info at end data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:125:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char length_mods_en[100] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:140:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char length_mods_en0[100] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:155:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char length_mods_equal[100] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:169:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *length_mod_tabs[6] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:350:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char mask[4] = { 0xff, 0x1f, 0x0f, 0x07 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:416:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char unsigned code[4] = { 0, 0xc0, 0xe0, 0xf0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word_buf[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:522:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word1, word_buf, ix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:547:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:548:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes2[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:549:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_phonemes[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:550:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unpron_phonemes[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:551:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_phonemes[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_phonemes2[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word_copy[N_WORD_BYTES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char word_copy2[N_WORD_BYTES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_chars[0x3f + 2]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:575:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char word_zz[4] = { 0, 'z', 'z', 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:576:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char word_iz[4] = { 0, 'i', 'z', 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:577:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char word_ss[4] = { 0, 's', 's', 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:617:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word_copy2, word_start, word_copy_length); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:698:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(word_phonemes, "%c", phonSWITCH); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:819:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_phonemes2[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:827:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:878:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_phonemes2[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:934:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:952:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:992:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1006:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1153:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word_start, word_copy2, word_copy_length); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char words_phonemes[N_WORD_PHONEMES]; // a word translated into phoneme codes data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[N_WORD_BYTES+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word_copy[N_WORD_BYTES+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char word_replaced[N_WORD_BYTES+1]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_dictionary_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1386:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lang_name[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1419:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word, word_copy, word_copy_len); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1428:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ph_buf[N_WORD_PHONEMES]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1486:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word, word_copy, word_copy_len); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1760:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
value = atoi(&source[source_index]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1897:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char hangul_compatibility[0x34] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2020:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_change_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[N_TR_SOURCE]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2560:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number_buf[150]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2592:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word, number_buf, nx); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2619:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&num_wtab[nw++], &words[ix], sizeof(WORD_TAB)); // copy the 'words' entry for each word of numbers data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2639:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&num_wtab[nw], &words[ix], sizeof(WORD_TAB)*2); // the original number word, and the word after it data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2645:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pn, pw, 16); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:2671:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&number_buf[2], pw, nx); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:561:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tunes[6]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:585:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dictionary_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:587:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char phonemes_repeat[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:591:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char stress_amps[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:592:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char stress_amps_r[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:602:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char letter_bits[256]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:604:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const wchar_t *letter_groups[8]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:609:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char punct_to_tone[INTONATION_TYPES][PUNCT_INTONATIONS]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:613:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dict_hashtab[N_HASH_DICT]; // hash table to index dictionary lookup file data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *letterGroups[N_LETTER_GROUPS]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *groups1[256]; // translation rule lists, index by single letter data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:620:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *groups3[128]; // index by offset letter data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:621:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *groups2[N_RULE_GROUP2]; // translation rule lists, indexed by two-letter pairs data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:625:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char groups2_count[256]; // number of 2 letter groups for this initial letter data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:626:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char groups2_start[256]; // index into groups2 data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:675:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char skip_marker[N_MARKER_LENGTH]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:678:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern wchar_t option_punctlist[N_PUNCTLIST]; // which punctuation characters to announce data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.h:682:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char dictionary_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voice.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voice.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language_name[20]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voice.h:76:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tone_adjust[N_TONE_ADJUST]; // 8Hz steps * 1000 = 8kHz data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:180:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char variants_either[N_VOICE_VARIANTS] = { 1, 2, 12, 3, 13, 4, 14, 5, 11, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:181:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char variants_male[N_VOICE_VARIANTS] = { 1, 2, 3, 4, 5, 6, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:182:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char variants_female[N_VOICE_VARIANTS] = { 11, 12, 13, 14, 0 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:183:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *variant_lists[3] = { variants_either, variants_male, variants_female }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[120]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vname[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char vgender[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vlanguage[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char languages[300]; // allow space for several alternate language names and priorities data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:344:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, languages, langix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:369:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char default_heights[N_PEAKS] = { 130, 128, 120, 116, 100, 100, 128, 128, 128 }; // changed for v.1.47 data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:370:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static unsigned char default_widths[N_PEAKS] = { 140, 128, 128, 160, 171, 171, 128, 128, 128 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phon_string1[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phon_string2[12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:461:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(phon_string2, "NULL"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char voicename[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:509:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char language_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:510:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char translator_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_dictionary[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phonemes_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+30]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:516:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_voices[sizeof(path_home)+12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:522:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char names[8][40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:523:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:529:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_identifier[40]; // file name for current_voice_selected data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:530:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char voice_name[40]; // voice name for current_voice_selected data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:531:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_languages[100]; // list of languages and priorities for current_voice_selected data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:551:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_voice = fopen(buf, "r"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:655:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vgender[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:731:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((n = atoi(p)) > 0) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:943:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char variant_name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:944:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char variant_prefix[5]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:947:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(variant_prefix, "!v%c", PATHSEP); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:957:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). variant_num = atoi(p); // variant number data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language[80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(path_home)+80]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_part[41]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[40]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1276:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_id[50]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1286:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1357:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vp2, vp, sizeof(espeak_VOICE)); // copy from the original voice data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1367:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(vp2, vp, sizeof(espeak_VOICE)); // copy from the original voice data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1391:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[sizeof(path_home)+100]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1418:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_voice = fopen(fname, "r")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1456:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_voice = fopen(fname, "r")) == NULL) data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1478:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1515:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[60]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_voices[sizeof(path_home)+12]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:139:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char modulation_tab[N_ROUGHNESS][8] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:153:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char Flutter_tab[N_FLUTTER] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:214:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char wavemult[N_WAVEMULT] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:226:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char pitch_adjust_tab[MAX_PITCH_VALUE+1] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:285:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk_shape1[PEAKSHAPEW+1] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:305:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pk_shape2[PEAKSHAPEW+1] = { data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:378:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char amp_emphasis[5] = { 16, 16, 10, 16, 22 }; data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:1285:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SetPitch(length, (unsigned char *)q[2], q[3] >> 16, q[3] & 0xffff); data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:1303:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
result = PlayWave(length, resume, (unsigned char *)q[2], q[3] & 0xff, q[3] >> 8); data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:1317:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wdata.mix_wavefile = (unsigned char *)q[2]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/wavegen.c:1340:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SetAmplitude(length, (unsigned char *)q[2], q[3]); data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:247:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(arg, "r"); data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:234:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(arg, "r"); data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:233:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
in = fopen(arg, "r"); data/espeak-ng-1.50+dfsg/tests/fuzzrunner.c:36:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *stream = fopen(argv[i], "r"); data/espeak-ng-1.50+dfsg/tests/readclause.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char source[N_TR_SOURCE+40]; // extra space for embedded command & voice change info at end data/espeak-ng-1.50+dfsg/tests/readclause.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char voice_change_name[40]; data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:72:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wchar_t *utf32 = (wchar_t *)malloc((strlen(utf8) + 1) * sizeof(wchar_t)); data/espeak-ng-1.50+dfsg/android/jni/jni/eSpeakService.c:308:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const espeak_ERROR result = espeak_Synth(c_text, strlen(c_text), 0, // position data/espeak-ng-1.50+dfsg/src/compat/getopt.c:377:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
current_argv_len = strlen(current_argv); data/espeak-ng-1.50+dfsg/src/compat/getopt.c:385:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(long_options[i].name) == data/espeak-ng-1.50+dfsg/src/espeak-ng.c:164:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p+1); data/espeak-ng-1.50+dfsg/src/espeak-ng.c:596:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((extn != NULL) && ((wavefile + strlen(wavefile) - extn) <= 4)) { data/espeak-ng-1.50+dfsg/src/espeak-ng.c:690:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(p_text); data/espeak-ng-1.50+dfsg/src/espeak-ng.c:714:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(stdin)) == EOF) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:378:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((p = (char *)malloc(strlen(name)+1)) != NULL) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:536:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(data_path); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:677:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ix = strlen(string); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:718:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f_in); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1231:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fname); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1275:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(f)) == EOF) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1279:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(f)) == EOF) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1305:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c1 = fgetc(f); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1306:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c3 = fgetc(f); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1523:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p2 = (REF_HASH_TAB *)malloc(sizeof(REF_HASH_TAB)+strlen(path)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:1868:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(string) <= 4) && ((ix = LookupPhoneme(string, 0)) != -1)) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2098:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(item_string, " "); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledata.c:2139:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = strlen(&ipa_buf[start]); // number of UTF-8 bytes data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:187:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total = strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:194:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 1; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:243:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &buf[strlen(buf)]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:266:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &buf[strlen(buf)]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:290:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += (strlen(name)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:303:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf(&suffix[strlen(suffix)], "%c", flag_chars[ix]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:307:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(suffix); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:343:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &p[strlen(p)]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:345:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((ix = strlen(buf_pre)) > 0) || at_start) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:357:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix = strlen(output); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:545:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(phonetic, " "); // need a space to indicate word-boundary data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:603:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_word = strlen(word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:609:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len_phonetic = strlen(encoded_ph); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:790:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(rule_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:924:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(mr->mnem); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1099:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf)+1; data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1101:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_name = strlen(group_name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1112:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(rule_match); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1149:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ix = strlen(rule_pre)-1; ix >= start; ix--) data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1155:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += (strlen(rule_post)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1170:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pa += (strlen(pa)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1171:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pb += (strlen(pb)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1179:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix = strlen(b->name) - strlen(a->name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1179:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix = strlen(b->name) - strlen(a->name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1199:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_name = strlen(name); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1210:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(p) + 1; // phoneme string data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1213:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len2 = strlen(p2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1420:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((group3_ix == 0) && (strlen(group_name) > 2)) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/compiledict.c:1501:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f_temp); data/espeak-ng-1.50+dfsg/src/libespeak-ng/compilembrola.c:41:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *current = filename + strlen(filename); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:97:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(to, from, size); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:171:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:196:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += (strlen(p) + 1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:212:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dictionary_name, name, 40); // currently loaded dictionary name data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:214:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tr->dictionary_name, name, 40); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:466:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return phon_out + strlen(phon_out); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:491:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:705:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1537:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(ph) + strlen(string); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:1537:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(ph) + strlen(string); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2411:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(p_start, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2421:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(p_start, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2434:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2544:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(text); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2591:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen(word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:2628:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). phoneme_len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:3089:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/dictionary.c:3097:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/encoding.c:693:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length < 0) length = string ? 
strlen(string) + 1 : 0; data/espeak-ng-1.50+dfsg/src/libespeak-ng/encoding.c:715:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length < 0) length = string ? strlen(string) + 1 : 0; data/espeak-ng-1.50+dfsg/src/libespeak-ng/encoding.c:729:36: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length < 0) length = string ? wcslen(string) + 1 : 0; data/espeak-ng-1.50+dfsg/src/libespeak-ng/espeak_command.c:181:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = (wcslen(punctlist) + 1)*sizeof(wchar_t); data/espeak-ng-1.50+dfsg/src/libespeak-ng/event.c:164:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(50000); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:195:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). written = write(p_stderr[1], mbr_errorbuf, strlen(mbr_errorbuf)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:213:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
written = write(2, mbr_errorbuf, strlen(mbr_errorbuf)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:311:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(mbr_errorbuf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:328:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(mbr_error_fd, buf_ptr, data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:373:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cmd); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:416:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(mbr_proc_stat, buffer, sizeof(buffer)) != sizeof(buffer)) data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:504:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t obtained = read(mbr_audio_fd, curpos, space); data/espeak-ng-1.50+dfsg/src/libespeak-ng/mbrowrap.c:589:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(mbr_audio_fd, dummybuf, sizeof(dummybuf)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:457:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ph_buf += strlen(ph_buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:728:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(&capital[3]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:780:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ph_buf2) + 3; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:838:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(&ph_buf[3]) + 3; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:884:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pbuf += strlen(pbuf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:897:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:903:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len + strlen(ph_buf2)) < N_WORD_PHONEMES) data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1107:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &ph_out[strlen(ph_roman)]; data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1472:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (((ix = strlen(ph_tens)-1) >= 0) && (ph_digits[0] != 0)) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1494:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ix = 0; ix < (signed)strlen(ph_out); ix++) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1505:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ix = strlen(ph_out)-1; ix >= 0; ix--) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1706:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix = strlen(buf1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1856:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Lookup(tr, "_0", &ph_zeros[strlen(ph_zeros)]); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:1957:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ph_out += strlen(ph_out); data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2036:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (IsDigit09(c = word[n_digits]) && (strlen(ph_out) < (N_WORD_PHONEMES - 10))) { data/espeak-ng-1.50+dfsg/src/libespeak-ng/numbers.c:2040:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(ph_out); data/espeak-ng-1.50+dfsg/src/libespeak-ng/phoneme.c:31:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!feature || strlen(feature) != 3) data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:296:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f) & 0xff; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:434:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soundicon_tab[slot].filename = (char *)realloc(soundicon_tab[ix].filename, strlen(fname)+1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:518:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:556:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (wcslen((const wchar_t *)name)+1)*sizeof(wchar_t); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:559:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name)+1; data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:672:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ix += strlen(ungot_word); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:916:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(text_buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/readclause.c:1038:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix += strlen(p2); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:203:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:264:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:656:3: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(option_punctlist, punctlist, N_PUNCTLIST); data/espeak-ng-1.50+dfsg/src/libespeak-ng/speech.c:934:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. 
usleep(20000); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:249:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += (strlen(p) + 1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:424:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outix += strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:751:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outix += strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:795:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outix += strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:815:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outix += strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/ssml.c:824:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outix += strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/synth_mbrola.c:311:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(output, "\n"); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:827:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:934:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:952:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:992:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1006:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(wordx, word_copy, strlen(word_copy)); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1069:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ix = strlen(word_phonemes); data/espeak-ng-1.50+dfsg/src/libespeak-ng/translate.c:1971:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(p); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:202:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:314:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(vlanguage) + 2; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:340:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *)calloc(sizeof(espeak_VOICE) + langix + strlen(fname) + strlen(vname) + 3, 1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:340:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (char *)calloc(sizeof(espeak_VOICE) + langix + strlen(fname) + strlen(vname) + 3, 1); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:352:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). langix += strlen(fname)+1; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:619:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(language_name) + 2; data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1157:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lang_len = strlen(voice_select->languages); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1228:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last_part_len = strlen(last_part); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1238:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strcasecmp(last_part, &id[strlen(id)-last_part_len]) == 0) data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1604:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GetVoices(path_voices, strlen(path_voices)+1, 0); data/espeak-ng-1.50+dfsg/src/libespeak-ng/voices.c:1607:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GetVoices(path_voices, strlen(path_voices)+1, 1); data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:63:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:70:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:75:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:77:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:82:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:84:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printcdata.c:86:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:52:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:59:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:64:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:66:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:71:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:73:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata.c:75:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return 0; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:52:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:59:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:64:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:66:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:71:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:73:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/src/ucd-tools/tests/printucddata_cpp.cpp:75:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((ch = fgetc(in)) == EOF) return false; data/espeak-ng-1.50+dfsg/tests/api.c:90:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:121:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_NOT_FOUND); data/espeak-ng-1.50+dfsg/tests/api.c:153:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_ng_Synthesize(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == ENS_OK); data/espeak-ng-1.50+dfsg/tests/api.c:184:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_ng_Synthesize(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == ENS_VOICE_NOT_FOUND); data/espeak-ng-1.50+dfsg/tests/api.c:220:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:255:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:291:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:326:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:362:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:404:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:444:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK); data/espeak-ng-1.50+dfsg/tests/api.c:484:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK);
data/espeak-ng-1.50+dfsg/tests/api.c:523:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(espeak_Synth(test, strlen(test)+1, 0, POS_CHARACTER, 0, espeakCHARS_AUTO, NULL, NULL) == EE_OK);

ANALYSIS SUMMARY:

Hits = 1062
Lines analyzed = 56083 in approximately 6.37 seconds (8798 lines/second)
Physical Source Lines of Code (SLOC) = 44885
Hits@level = [0] 268 [1] 170 [2] 621 [3] 13 [4] 258 [5] 0
Hits@level+ = [0+] 1330 [1+] 1062 [2+] 892 [3+] 271 [4+] 258 [5+] 0
Hits/KSLOC@level+ = [0+] 29.6313 [1+] 23.6605 [2+] 19.873 [3+] 6.03765 [4+] 5.74802 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 9 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.