Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/api.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/decoder.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/encoder.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/parser.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/constants.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/tmc_locations_italy.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/tmc_events.h

FINAL RESULTS:

data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.cc:86:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bytes[12];
data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.h:49:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char offset_chars[4]; // [ABCcDEx] (x=error)
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:268:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(radiotext, text.c_str(), len);
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:276:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(PS, ps.c_str(), len);
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:471:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char temp[13]; // 13*8=104
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:493:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *out = (unsigned char *) output_items[0];
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char radiotext[64];
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h:52:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char PS[8];
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc:91:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char flagstring[8] = "0000000";
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc:481:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ps_on[8] = {' ',' ',' ',' ',' ',' ',' ',' '};
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char radiotext[65];
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h:63:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char program_service_name[9];

ANALYSIS SUMMARY:

Hits = 12
Lines analyzed = 19192 in approximately 0.92 seconds (20842 lines/second)
Physical Source Lines of Code (SLOC) = 18613
Hits@level = [0] 2 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 14 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.752162 [1+] 0.644711 [2+] 0.644711 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.