Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/lame-3.100/ACM/ACMStream.h Examining data/lame-3.100/ACM/DecodeStream.h Examining data/lame-3.100/ACM/main.cpp Examining data/lame-3.100/ACM/tinyxml/tinyxml.h Examining data/lame-3.100/ACM/tinyxml/tinyxmlerror.cpp Examining data/lame-3.100/ACM/tinyxml/xmltest.cpp Examining data/lame-3.100/ACM/tinyxml/tinyxmlparser.cpp Examining data/lame-3.100/ACM/tinyxml/tinyxml.cpp Examining data/lame-3.100/ACM/ADbg/ADbg.cpp Examining data/lame-3.100/ACM/ADbg/ADbg.h Examining data/lame-3.100/ACM/adebug.h Examining data/lame-3.100/ACM/DecodeStream.cpp Examining data/lame-3.100/ACM/AEncodeProperties.h Examining data/lame-3.100/ACM/ddk/msacmdrv.h Examining data/lame-3.100/ACM/ACM.h Examining data/lame-3.100/ACM/ACMStream.cpp Examining data/lame-3.100/ACM/AEncodeProperties.cpp Examining data/lame-3.100/ACM/ACM.cpp Examining data/lame-3.100/ACM/resource.h Examining data/lame-3.100/include/lame.h Examining data/lame-3.100/libmp3lame/psymodel.h Examining data/lame-3.100/libmp3lame/gain_analysis.c Examining data/lame-3.100/libmp3lame/set_get.c Examining data/lame-3.100/libmp3lame/fft.c Examining data/lame-3.100/libmp3lame/lame_global_flags.h Examining data/lame-3.100/libmp3lame/VbrTag.c Examining data/lame-3.100/libmp3lame/tables.h Examining data/lame-3.100/libmp3lame/vbrquantize.c Examining data/lame-3.100/libmp3lame/version.c Examining data/lame-3.100/libmp3lame/reservoir.h Examining data/lame-3.100/libmp3lame/newmdct.h Examining data/lame-3.100/libmp3lame/machine.h Examining data/lame-3.100/libmp3lame/i386/nasm.h Examining data/lame-3.100/libmp3lame/quantize.h Examining data/lame-3.100/libmp3lame/bitstream.c Examining data/lame-3.100/libmp3lame/encoder.c Examining data/lame-3.100/libmp3lame/id3tag.h Examining data/lame-3.100/libmp3lame/mpglib_interface.c Examining data/lame-3.100/libmp3lame/util.h Examining data/lame-3.100/libmp3lame/quantize_pvt.c Examining data/lame-3.100/libmp3lame/vbrquantize.h Examining data/lame-3.100/libmp3lame/version.h Examining data/lame-3.100/libmp3lame/reservoir.c Examining data/lame-3.100/libmp3lame/newmdct.c Examining data/lame-3.100/libmp3lame/fft.h Examining data/lame-3.100/libmp3lame/VbrTag.h Examining data/lame-3.100/libmp3lame/tables.c Examining data/lame-3.100/libmp3lame/takehiro.c Examining data/lame-3.100/libmp3lame/set_get.h Examining data/lame-3.100/libmp3lame/lameerror.h Examining data/lame-3.100/libmp3lame/psymodel.c Examining data/lame-3.100/libmp3lame/gain_analysis.h Examining data/lame-3.100/libmp3lame/util.c Examining data/lame-3.100/libmp3lame/quantize_pvt.h Examining data/lame-3.100/libmp3lame/l3side.h Examining data/lame-3.100/libmp3lame/lame-analysis.h Examining data/lame-3.100/libmp3lame/presets.c Examining data/lame-3.100/libmp3lame/id3tag.c Examining data/lame-3.100/libmp3lame/vector/xmm_quantize_sub.c Examining data/lame-3.100/libmp3lame/vector/lame_intrin.h Examining data/lame-3.100/libmp3lame/quantize.c Examining data/lame-3.100/libmp3lame/bitstream.h Examining data/lame-3.100/libmp3lame/lame.c Examining data/lame-3.100/libmp3lame/encoder.h Examining data/lame-3.100/frontend/timestatus.h Examining data/lame-3.100/frontend/brhist.c Examining data/lame-3.100/frontend/mp3x.c Examining data/lame-3.100/frontend/lametime.h Examining data/lame-3.100/frontend/main.h Examining data/lame-3.100/frontend/gtkanal.h Examining data/lame-3.100/frontend/rtp.h Examining data/lame-3.100/frontend/console.h Examining data/lame-3.100/frontend/gpkplotting.c Examining data/lame-3.100/frontend/rtp.c Examining data/lame-3.100/frontend/lame_main.c Examining data/lame-3.100/frontend/main.c Examining data/lame-3.100/frontend/get_audio.h Examining data/lame-3.100/frontend/gtkanal.c Examining data/lame-3.100/frontend/lametime.c Examining data/lame-3.100/frontend/timestatus.c Examining data/lame-3.100/frontend/brhist.h Examining data/lame-3.100/frontend/amiga_mpega.c Examining data/lame-3.100/frontend/parse.h Examining data/lame-3.100/frontend/gpkplotting.h Examining data/lame-3.100/frontend/mp3rtp.c Examining data/lame-3.100/frontend/console.c Examining data/lame-3.100/frontend/parse.c Examining data/lame-3.100/frontend/get_audio.c Examining data/lame-3.100/misc/mlame_corr.c Examining data/lame-3.100/misc/abx.c Examining data/lame-3.100/misc/ath.c Examining data/lame-3.100/misc/scalartest.c Examining data/lame-3.100/mpglib/tabinit.c Examining data/lame-3.100/mpglib/layer1.h Examining data/lame-3.100/mpglib/decode_i386.c Examining data/lame-3.100/mpglib/dct64_i386.h Examining data/lame-3.100/mpglib/mpg123.h Examining data/lame-3.100/mpglib/interface.c Examining data/lame-3.100/mpglib/layer2.h Examining data/lame-3.100/mpglib/common.c Examining data/lame-3.100/mpglib/layer3.h Examining data/lame-3.100/mpglib/decode_i386.h Examining data/lame-3.100/mpglib/huffman.h Examining data/lame-3.100/mpglib/dct64_i386.c Examining data/lame-3.100/mpglib/layer1.c Examining data/lame-3.100/mpglib/l2tables.h Examining data/lame-3.100/mpglib/tabinit.h Examining data/lame-3.100/mpglib/mpglib.h Examining data/lame-3.100/mpglib/common.h Examining data/lame-3.100/mpglib/layer3.c Examining data/lame-3.100/mpglib/layer2.c Examining data/lame-3.100/mpglib/interface.h Examining data/lame-3.100/dshow/resource.h Examining data/lame-3.100/dshow/REG.CPP Examining data/lame-3.100/dshow/Mpegac.h Examining data/lame-3.100/dshow/PropPage_adv.h Examining data/lame-3.100/dshow/UIDS.H Examining data/lame-3.100/dshow/aboutprp.cpp Examining data/lame-3.100/dshow/Encoder.h Examining data/lame-3.100/dshow/Encoder.cpp Examining data/lame-3.100/dshow/Mpegac.cpp Examining data/lame-3.100/dshow/REG.H Examining data/lame-3.100/dshow/aboutprp.h Examining data/lame-3.100/dshow/PropPage.cpp Examining data/lame-3.100/dshow/PropPage.h Examining data/lame-3.100/dshow/iaudioprops.h Examining data/lame-3.100/dshow/PropPage_adv.cpp Examining data/lame-3.100/configMS.h Examining data/lame-3.100/Dll/BladeMP3EncDLL.c Examining data/lame-3.100/Dll/BladeMP3EncDLL.h Examining data/lame-3.100/Dll/Example.cpp Examining data/lame-3.100/mac/MacDLLMain.c Examining data/lame-3.100/mac/Precompile_Common.h FINAL RESULTS: data/lame-3.100/ACM/ACM.cpp:255:9: [4] (shell) ShellExecute: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ::ShellExecute(hwndDlg,"open",tmpStr,NULL,"",SW_SHOWMAXIMIZED ); data/lame-3.100/ACM/ACM.cpp:257:9: [4] (shell) ShellExecute: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ::ShellExecute(hwndDlg,"open",Url,NULL,"",SW_SHOWMAXIMIZED ); data/lame-3.100/ACM/ACM.cpp:648:5: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW( a_FormatTagDetails->szFormatTag, L"Lame MP3" ); data/lame-3.100/ACM/ACM.cpp:692:2: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW( a_DriverDetail->szShortName, L"LAME MP3" ); data/lame-3.100/ACM/ACM.cpp:697:2: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW( a_DriverDetail->szCopyright, L"2002 Steve Lhomme" ); data/lame-3.100/ACM/ACM.cpp:698:2: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW( a_DriverDetail->szLicensing, L"LGPL (see gnu.org)" ); data/lame-3.100/ACM/ACM.cpp:700:2: [4] (buffer) lstrcpyW: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). lstrcpyW( a_DriverDetail->szFeatures , L"only CBR implementation" ); data/lame-3.100/ACM/ADbg/ADbg.cpp:102:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. result = vsprintf(tst,myformat,params); data/lame-3.100/ACM/tinyxml/tinyxml.h:53:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define TIXML_LOG printf data/lame-3.100/Dll/BladeMP3EncDLL.c:652:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lpszDate,__DATE__); data/lame-3.100/Dll/Example.cpp:70:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strFileIn ,argv[1]); data/lame-3.100/Dll/Example.cpp:71:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strFileOut,argv[1]); data/lame-3.100/dshow/REG.CPP:44:9: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(m_name, pName); data/lame-3.100/dshow/REG.CPP:67:9: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(m_name, pName); data/lame-3.100/dshow/REG.CPP:92:9: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(m_name, pName); data/lame-3.100/dshow/REG.CPP:119:5: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(achName, m_name); data/lame-3.100/dshow/REG.CPP:121:9: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(achName, an); data/lame-3.100/dshow/REG.CPP:140:5: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(achName, m_name); data/lame-3.100/dshow/REG.CPP:142:9: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(achName, an); data/lame-3.100/dshow/REG.CPP:255:5: [4] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. lstrcpy(pResult, pDefault); data/lame-3.100/dshow/aboutprp.cpp:126:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(strbuf, "LAME Encoder Version %s", get_lame_version()); data/lame-3.100/dshow/aboutprp.cpp:129:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(strbuf, "LAME Project Homepage: %s", get_lame_url()); data/lame-3.100/frontend/console.c:53:16: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. return vfprintf(fp, format, ap); data/lame-3.100/frontend/console.c:61:16: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. return vfprintf(fp, format, ap); data/lame-3.100/frontend/console.c:69:16: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. return vfprintf(fp, format, ap); data/lame-3.100/frontend/gtkanal.c:386:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title2, "%s mask_ratio=%3.2f %3.2f ener_ratio=%3.2f %3.2f", data/lame-3.100/frontend/gtkanal.c:549:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(label, blockname); data/lame-3.100/frontend/gtkanal.c:581:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title2, "MDCT%1i(%s) bits=%i/%i ", gr, label, bits, bits2); data/lame-3.100/frontend/gtkanal.c:651:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title2, "MDCT%1i(%s) bits=%i ", gr, label, bits); data/lame-3.100/frontend/gtkanal.c:830:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(label2, title2); data/lame-3.100/frontend/gtkanal.c:1244:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "LAME version %s \n%s\n\n", get_lame_version(), get_lame_url()); data/lame-3.100/frontend/gtkanal.c:1247:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "psycho-acoustic model: GPSYCHO version %s\n", get_psy_version()); data/lame-3.100/frontend/gtkanal.c:1250:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "frame analyzer: MP3x version %s\n\n", get_mp3x_version()); data/lame-3.100/frontend/lametime.c:52:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. # warning Your system does not define CLOCKS_PER_SEC, guessing one... data/lame-3.100/frontend/parse.c:522:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp, data/lame-3.100/frontend/parse.c:727:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp, " --replaygain-fast compute RG fast but slightly inaccurately (default)\n" data/lame-3.100/frontend/parse.c:819:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp, data/lame-3.100/frontend/parse.c:1967:34: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *fp = popen("less -Mqc", "w"); data/lame-3.100/libmp3lame/id3tag.c:234:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "LAME %s version %s (%s)", b, v, u); data/lame-3.100/libmp3lame/id3tag.c:237:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "LAME version %s (%s)", v, u); data/lame-3.100/libmp3lame/lame.c:1320:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (*dest != 0) strcat(dest, sep); data/lame-3.100/libmp3lame/lame.c:1321:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dest, str); data/lame-3.100/libmp3lame/util.c:716:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf(stderr, format, args); data/lame-3.100/misc/abx.c:972:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf ( command, decoder[i].command, name_q ); data/lame-3.100/misc/abx.c:977:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ( (fp = popen (command, "r")) == NULL ) { data/lame-3.100/misc/ath.c:786:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system ( "./ath erb 700 22000 600 3 0.0001 > result1" ); data/lame-3.100/misc/ath.c:787:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system ( "./ath erb 1400 16 360 3 0.0001 > result2" ); data/lame-3.100/misc/ath.c:788:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system ( "xmgr result1 result2 &> /dev/null &" ); data/lame-3.100/Dll/Example.cpp:79:9: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hDLL = LoadLibrary("lame_enc.dll"); data/lame-3.100/Dll/Example.cpp:83:12: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hDLL = LoadLibrary("..\\..\\output\\lame_enc.dll"); data/lame-3.100/frontend/console.c:112:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char const* term_name = getenv("TERM"); data/lame-3.100/frontend/main.c:449:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* str = getenv(var); data/lame-3.100/misc/ath.c:319:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand ( time (NULL) ); data/lame-3.100/ACM/ACM.cpp:185:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[150]; data/lame-3.100/ACM/ACM.cpp:242:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR Url[200]; data/lame-3.100/ACM/ACM.cpp:306:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char DebugFileName[512]; data/lame-3.100/ACM/ACM.cpp:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/lame-3.100/ACM/ACM.cpp:693:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpStr[128]; data/lame-3.100/ACM/ACM.cpp:695:10: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int u = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, tmpStr, -1, a_DriverDetail->szLongName, 0); data/lame-3.100/ACM/ACM.cpp:696:2: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, tmpStr, -1, a_DriverDetail->szLongName, u); data/lame-3.100/ACM/ACM.cpp:1117:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (the_stream->open(my_EncodingProperties)) data/lame-3.100/ACM/ACM.cpp:1126:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (the_stream->open()) data/lame-3.100/ACM/ACM.cpp:1214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ACMFORMATDETAILS_FORMAT_CHARS]; data/lame-3.100/ACM/ACM.cpp:1251:10: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, temp, -1, the_String, ACMFORMATDETAILS_FORMAT_CHARS); data/lame-3.100/ACM/ACM.h:97:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char VersionString[120]; data/lame-3.100/ACM/ACMStream.cpp:67:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char DebugFileName[512]; data/lame-3.100/ACM/ACMStream.cpp:124:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool ACMStream::open(const AEncodeProperties & the_Properties) data/lame-3.100/ACM/ACMStream.h:58:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const AEncodeProperties & the_Properties); data/lame-3.100/ACM/ACMStream.h:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_WorkingBuffer[2304*2]; // should be at least twice my_SamplesPerBlock data/lame-3.100/ACM/ADbg/ADbg.cpp:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tst[1000]; data/lame-3.100/ACM/ADbg/ADbg.cpp:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char myformat[256]; data/lame-3.100/ACM/ADbg/ADbg.h:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[MAX_PREFIX_LENGTH]; data/lame-3.100/ACM/AEncodeProperties.cpp:441:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/lame-3.100/ACM/AEncodeProperties.cpp:488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char DisplayStr[30] = "test tooltip"; data/lame-3.100/ACM/AEncodeProperties.cpp:889:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[MAX_PATH]; data/lame-3.100/ACM/AEncodeProperties.cpp:1006:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). AverageBitrate_Min = atoi(tmpname->c_str()); data/lame-3.100/ACM/AEncodeProperties.cpp:1010:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). AverageBitrate_Max = atoi(tmpname->c_str()); data/lame-3.100/ACM/AEncodeProperties.cpp:1014:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). AverageBitrate_Step = atoi(tmpname->c_str()); data/lame-3.100/ACM/AEncodeProperties.cpp:1513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[MAX_PATH]; data/lame-3.100/ACM/AEncodeProperties.cpp:1966:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4]; data/lame-3.100/ACM/DecodeStream.cpp:67:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char DebugFileName[512]; data/lame-3.100/ACM/DecodeStream.cpp:121:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DecodeStream::open() data/lame-3.100/ACM/DecodeStream.h:55:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(); data/lame-3.100/ACM/DecodeStream.h:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_WorkingBuffer[2304*2]; // should be at least twice my_SamplesPerBlock data/lame-3.100/ACM/tinyxml/tinyxml.cpp:436:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *i = atoi( s->c_str() ); data/lame-3.100/ACM/tinyxml/tinyxml.cpp:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/lame-3.100/ACM/tinyxml/tinyxml.cpp:446:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%d", val ); data/lame-3.100/ACM/tinyxml/tinyxml.cpp:619:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen( filename.c_str(), "r" ); data/lame-3.100/ACM/tinyxml/tinyxml.cpp:635:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE]; data/lame-3.100/ACM/tinyxml/tinyxml.cpp:657:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen( filename.c_str(), "w" ); data/lame-3.100/Dll/BladeMP3EncDLL.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[1024]={'\0',}; data/lame-3.100/Dll/BladeMP3EncDLL.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[MAX_PATH+1]={'\0',}; data/lame-3.100/Dll/BladeMP3EncDLL.c:85:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen( szFileName, "a+" ); data/lame-3.100/Dll/BladeMP3EncDLL.c:275:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lameConfig,pbeConfig,pbeConfig->format.LHV1.dwStructSize); data/lame-3.100/Dll/BladeMP3EncDLL.c:626:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lpszDate[20] = { '\0', }; data/lame-3.100/Dll/BladeMP3EncDLL.c:627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lpszTemp[5] = { '\0', }; data/lame-3.100/Dll/BladeMP3EncDLL.c:674:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pbeVersion->byDay = (BYTE) atoi( lpszDate + 4 ); data/lame-3.100/Dll/BladeMP3EncDLL.c:677:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pbeVersion->wYear = (WORD) atoi( lpszDate + 7 ); data/lame-3.100/Dll/BladeMP3EncDLL.c:681:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( pbeVersion->zHomepage, "http://www.mp3dev.org/" ); data/lame-3.100/Dll/BladeMP3EncDLL.c:753:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3_frame_header[4]; data/lame-3.100/Dll/BladeMP3EncDLL.c:772:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id3v2Header[10]; data/lame-3.100/Dll/BladeMP3EncDLL.c:873:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpStream=fopen( lpszFileName, "rb+" ); data/lame-3.100/Dll/Example.cpp:74:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(strFileOut,".mp3"); data/lame-3.100/Dll/Example.cpp:121:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pFileIn = fopen( strFileIn, "rb" ); data/lame-3.100/Dll/Example.cpp:131:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pFileOut= fopen(strFileOut,"wb+"); data/lame-3.100/dshow/Encoder.cpp:75:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&m_wfex, lpwfex, sizeof(WAVEFORMATEX)); data/lame-3.100/dshow/Encoder.cpp:462:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3_frame_header[4]; data/lame-3.100/dshow/Encoder.cpp:484:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id3v2Header[10]; data/lame-3.100/dshow/Encoder.h:96:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pwfex, &m_wfex, sizeof(WAVEFORMATEX)); data/lame-3.100/dshow/Encoder.h:111:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pmabsi, &m_mabsi, sizeof(MPEG_ENCODER_CONFIG)); data/lame-3.100/dshow/Mpegac.cpp:399:5: [2] (buffer) CopyMemory: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. CopyMemory(pDst, pblock, iBlockLength); data/lame-3.100/dshow/Mpegac.cpp:445:5: [2] (buffer) CopyMemory: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. CopyMemory(pDst, pframe, frame_size); data/lame-3.100/dshow/PropPage.cpp:33:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * szBitRateString[2][14] = { data/lame-3.100/dshow/PropPage_adv.cpp:38:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *chChMode[4] = { data/lame-3.100/dshow/REG.CPP:114:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR achName[MAX_PATH]; data/lame-3.100/dshow/REG.CPP:135:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR achName[MAX_PATH]; data/lame-3.100/dshow/REG.H:31:2: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR m_name[MAX_PATH]; data/lame-3.100/frontend/brhist.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bar_asterisk[512 + 1]; /* buffer filled up with a lot of '*' to print a bar */ data/lame-3.100/frontend/brhist.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bar_percent[512 + 1]; /* buffer filled up with a lot of '%' to print a bar */ data/lame-3.100/frontend/brhist.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bar_coded[512 + 1]; /* buffer filled up with a lot of ' ' to print a bar */ data/lame-3.100/frontend/brhist.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bar_space[512 + 1]; /* buffer filled up with a lot of ' ' to print a bar */ data/lame-3.100/frontend/brhist.c:137:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brppt[14]; /* [%] and max. 10 characters for kbps */ data/lame-3.100/frontend/brhist.c:151:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(brppt, " [%*i]", digits(frames), br_hist_TOT); data/lame-3.100/frontend/brhist.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rst[20] = "\0"; data/lame-3.100/frontend/brhist.c:196:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rst, "%*u:%02u:%02u", digits(hour), hour, min, sec); data/lame-3.100/frontend/brhist.c:200:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rst, "%02u:%02u", min, sec); data/lame-3.100/frontend/brhist.c:208:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rst, "%.*s", res - 1, brhist.bar_coded); data/lame-3.100/frontend/console.c:15:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/console.c:15:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/console.c:16:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/console.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tc[16]; data/lame-3.100/frontend/console.c:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char term_buff[4096]; data/lame-3.100/frontend/console.c:146:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mfp->str_up, "\033[A"); data/lame-3.100/frontend/console.h:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_up[10]; data/lame-3.100/frontend/console.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_clreoln[10]; data/lame-3.100/frontend/console.h:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_emph[10]; data/lame-3.100/frontend/console.h:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_norm[10]; data/lame-3.100/frontend/console.h:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Console_buff[2048]; data/lame-3.100/frontend/get_audio.c:48:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/get_audio.c:48:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/get_audio.c:49:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/get_audio.c:113:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[10]; data/lame-3.100/frontend/get_audio.c:146:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[2] = { 0, 0 }; data/lame-3.100/frontend/get_audio.c:159:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[4] = { 0, 0, 0, 0 }; data/lame-3.100/frontend/get_audio.c:173:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[2] = { 0, 0 }; data/lame-3.100/frontend/get_audio.c:185:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[4] = { 0, 0, 0, 0 }; data/lame-3.100/frontend/get_audio.c:199:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[2]; data/lame-3.100/frontend/get_audio.c:208:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[4]; data/lame-3.100/frontend/get_audio.c:313:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + b_used, src + a_skip, a_want); data/lame-3.100/frontend/get_audio.c:318:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + b_used, src + a_skip, a_want); data/lame-3.100/frontend/get_audio.c:334:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a0, b->ch[0], a_take); data/lame-3.100/frontend/get_audio.c:337:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a1, b->ch[1], a_take); data/lame-3.100/frontend/get_audio.c:423:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/lame-3.100/frontend/get_audio.c:425:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PIPE_BUF]; data/lame-3.100/frontend/get_audio.c:1955:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char abl2[16] = { 0, 7, 7, 7, 0, 7, 0, 0, 0, 0, 0, 8, 8, 8, 8, 8 }; data/lame-3.100/frontend/get_audio.c:2017:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[100]; data/lame-3.100/frontend/get_audio.c:2045:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(global.in_id3v2_tag, buf, 10); data/lame-3.100/frontend/get_audio.c:2160:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024]; data/lame-3.100/frontend/get_audio.c:2217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[2 * 1152 * 2]; data/lame-3.100/frontend/gpkplotting.c:39:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/gpkplotting.c:39:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/gpkplotting.c:40:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/gtkanal.c:138:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[LAME_MAXMP3BUFFER]; data/lame-3.100/frontend/gtkanal.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title2[80]; data/lame-3.100/frontend/gtkanal.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[80], label2[80]; data/lame-3.100/frontend/gtkanal.c:325:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, "%3.1fkHz %ikbs ", samp / 1000, pplot1->bitrate); data/lame-3.100/frontend/gtkanal.c:347:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, "bv=%i,%i ", pplot1->big_values[0][ch], pplot1->big_values[1][ch]); data/lame-3.100/frontend/gtkanal.c:351:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, "scfsi=%i ", pplot1->scfsi[ch]); data/lame-3.100/frontend/gtkanal.c:354:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, " mdb=%i %i/NA", pplot1->maindata, pplot1->totbits); data/lame-3.100/frontend/gtkanal.c:356:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, " mdb=%i %i/%i", data/lame-3.100/frontend/gtkanal.c:551:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(label, "(mixed)"); data/lame-3.100/frontend/gtkanal.c:687:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, "FFT%1i pe=%5.2fK en=%5.2e ", gr, pplot->pe[gr][ch] / 1000, en); data/lame-3.100/frontend/gtkanal.c:736:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, data/lame-3.100/frontend/gtkanal.c:812:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label2, data/lame-3.100/frontend/gtkanal.c:820:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label2, "SFB scale=%i preflag=%i", pplot1->scalefac_scale[gr][ch], data/lame-3.100/frontend/gtkanal.c:829:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title2, " ggain=%i", ggain); data/lame-3.100/frontend/gtkanal.c:853:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[80]; data/lame-3.100/frontend/gtkanal.c:859:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label, "Frame:%4i/%4i %6.2fs", pplot->frameNum, (int) tf - 1, pplot->frametime); data/lame-3.100/frontend/gtkanal.c:910:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Pinfo[i], &Pinfo[i - 1], sizeof(plotting_data)); data/lame-3.100/frontend/gtkanal.c:1151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[256]; data/lame-3.100/frontend/gtkanal.c:1263:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "frames processed so far: %i \n", Pinfo[0].frameNum + 1); data/lame-3.100/frontend/gtkanal.c:1265:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "granules processed so far: %i \n\n", 4 * (Pinfo[0].frameNum + 1)); data/lame-3.100/frontend/gtkanal.c:1267:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "mean bits/frame (approximate): %i\n", gtkinfo.approxbits); data/lame-3.100/frontend/gtkanal.c:1269:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "mean bits/frame (from LAME): %i\n", 4 * Pinfo[0].mean_bits); data/lame-3.100/frontend/gtkanal.c:1271:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "bitsize of largest frame: %i \n", gtkinfo.maxbits); data/lame-3.100/frontend/gtkanal.c:1273:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "average bits/frame: %3.1f \n\n", gtkinfo.avebits); data/lame-3.100/frontend/gtkanal.c:1275:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "ms_stereo frames: %i \n", gtkinfo.totms); data/lame-3.100/frontend/gtkanal.c:1277:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "i_stereo frames: %i \n", gtkinfo.totis); data/lame-3.100/frontend/gtkanal.c:1279:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "de-emphasis frames: %i \n", gtkinfo.totemph); data/lame-3.100/frontend/gtkanal.c:1281:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "short block granules: %i \n", gtkinfo.totshort); data/lame-3.100/frontend/gtkanal.c:1283:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "mixed block granules: %i \n", gtkinfo.totmix); data/lame-3.100/frontend/gtkanal.c:1285:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "preflag granules: %i \n", gtkinfo.totpreflag); data/lame-3.100/frontend/gtkanal.c:1447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frameinfo[80]; data/lame-3.100/frontend/gtkanal.c:1477:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(frameinfo, "MP3x: "); data/lame-3.100/frontend/lame_main.c:43:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/lame_main.c:43:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/lame_main.c:44:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/lame_main.c:330:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[LAME_MAXMP3BUFFER]; data/lame-3.100/frontend/lame_main.c:367:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[128]; data/lame-3.100/frontend/lame_main.c:391:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[LAME_MAXMP3BUFFER]; data/lame-3.100/frontend/lame_main.c:533:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inPath[PATH_MAX + 1]; data/lame-3.100/frontend/lame_main.c:534:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outPath[PATH_MAX + 1]; data/lame-3.100/frontend/lame_main.c:535:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nogapdir[PATH_MAX + 1]; data/lame-3.100/frontend/lame_main.c:540:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nogap_inPath_[MAX_NOGAP][PATH_MAX + 1]; data/lame-3.100/frontend/lame_main.c:541:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nogap_inPath[MAX_NOGAP]; data/lame-3.100/frontend/lame_main.c:542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nogap_outPath_[MAX_NOGAP][PATH_MAX + 1]; data/lame-3.100/frontend/lame_main.c:543:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *nogap_outPath[MAX_NOGAP]; data/lame-3.100/frontend/main.c:43:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/main.c:43:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/main.c:44:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/main.c:287:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int n = MultiByteToWideChar(code_page, 0, mbstr, -1, NULL, 0); data/lame-3.100/frontend/main.c:290:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). n = MultiByteToWideChar(code_page, 0, mbstr, -1, wstr, n); data/lame-3.100/frontend/main.c:363:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int n = MultiByteToWideChar(CP_UTF8, 0, mbstr, -1, NULL, 0); data/lame-3.100/frontend/main.c:367:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). n = MultiByteToWideChar(CP_UTF8, 0, mbstr, -1, wstr+1, n); data/lame-3.100/frontend/main.c:419:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(file, mode); data/lame-3.100/frontend/main.c:444:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(file, mode); data/lame-3.100/frontend/mp3rtp.c:133:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[LAME_MAXMP3BUFFER]; data/lame-3.100/frontend/mp3rtp.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inPath[PATH_MAX + 1]; data/lame-3.100/frontend/mp3rtp.c:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outPath[PATH_MAX + 1]; data/lame-3.100/frontend/mp3rtp.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/lame-3.100/frontend/mp3x.c:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mp3buffer[LAME_MAXMP3BUFFER]; data/lame-3.100/frontend/mp3x.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outPath[PATH_MAX + 1]; data/lame-3.100/frontend/mp3x.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inPath[PATH_MAX + 1]; data/lame-3.100/frontend/parse.c:44:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/parse.c:44:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/parse.c:45:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/parse.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[32]; data/lame-3.100/frontend/parse.c:1041:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (((atoi(preset_name)) > 0) && (fast < 1)) { data/lame-3.100/frontend/parse.c:1042:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(preset_name)) >= 8 && (atoi(preset_name)) <= 320) { data/lame-3.100/frontend/parse.c:1042:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(preset_name)) >= 8 && (atoi(preset_name)) <= 320) { data/lame-3.100/frontend/parse.c:1043:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lame_set_preset(gfp, atoi(preset_name)); data/lame-3.100/frontend/parse.c:1499:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outDir[PATH_MAX+1] = ""; data/lame-3.100/frontend/parse.c:2611:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str_argv[512], *str; data/lame-3.100/frontend/rtp.c:62:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/rtp.c:62:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/rtp.c:63:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/frontend/timestatus.c:238:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *mode_names[2][4] = { data/lame-3.100/libmp3lame/VbrTag.c:869:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id3v2Header[10]; data/lame-3.100/libmp3lame/VbrTag.c:992:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[nStreamIndex], btToc, sizeof(btToc)); data/lame-3.100/libmp3lame/VbrTag.h:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char toc[NUMTOCENTRIES]; /* may be NULL if toc not desired */ data/lame-3.100/libmp3lame/bitstream.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bs->buf[bs->buf_byte_idx], esv->header[esv->w_ptr].buf, cfg->sideinfo_len); data/lame-3.100/libmp3lame/bitstream.c:310:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crc = CRC_update(((unsigned char *) header)[2], crc); data/lame-3.100/libmp3lame/bitstream.c:311:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crc = CRC_update(((unsigned char *) header)[3], crc); data/lame-3.100/libmp3lame/bitstream.c:313:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crc = CRC_update(((unsigned char *) header)[i], crc); data/lame-3.100/libmp3lame/bitstream.c:1064:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, bs->buf, minimum); data/lame-3.100/libmp3lame/encoder.c:472:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gfc->pinfo->xr[gr][ch], &gfc->l3_side.tt[gr][ch].xr[0], sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/gain_analysis.c:304:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->linprebuf + MAX_ORDER, left_samples, num_samples * sizeof(Float_t)); data/lame-3.100/libmp3lame/gain_analysis.c:305:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->rinprebuf + MAX_ORDER, right_samples, num_samples * sizeof(Float_t)); data/lame-3.100/libmp3lame/gain_analysis.c:308:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->linprebuf + MAX_ORDER, left_samples, MAX_ORDER * sizeof(Float_t)); data/lame-3.100/libmp3lame/gain_analysis.c:309:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->rinprebuf + MAX_ORDER, right_samples, MAX_ORDER * sizeof(Float_t)); data/lame-3.100/libmp3lame/gain_analysis.c:398:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->linprebuf + MAX_ORDER - num_samples, left_samples, data/lame-3.100/libmp3lame/gain_analysis.c:400:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->rinprebuf + MAX_ORDER - num_samples, right_samples, data/lame-3.100/libmp3lame/gain_analysis.c:404:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->linprebuf, left_samples + num_samples - MAX_ORDER, data/lame-3.100/libmp3lame/gain_analysis.c:406:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgData->rinprebuf, right_samples + num_samples - MAX_ORDER, data/lame-3.100/libmp3lame/id3tag.c:50:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/libmp3lame/id3tag.c:50:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/libmp3lame/id3tag.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/lame-3.100/libmp3lame/id3tag.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/lame-3.100/libmp3lame/id3tag.c:261:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%lu", playlength_ms); data/lame-3.100/libmp3lame/id3tag.c:426:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dst, src, n * sizeof(**dst)); data/lame-3.100/libmp3lame/id3tag.c:452:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dst, src, n * sizeof(**dst)); data/lame-3.100/libmp3lame/id3tag.c:654:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gfc->tag_spec.albumart, image, size); data/lame-3.100/libmp3lame/id3tag.c:818:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[3]; data/lame-3.100/libmp3lame/id3tag.c:871:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lang[4]; data/lame-3.100/libmp3lame/id3tag.c:908:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lang[4]; data/lame-3.100/libmp3lame/id3tag.c:1154:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int num = atoi(year); data/lame-3.100/libmp3lame/id3tag.c:1193:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int num = atoi(track); data/lame-3.100/libmp3lame/id3tag.c:1618:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fid[5] = {0,0,0,0,0}; data/lame-3.100/libmp3lame/id3tag.c:1879:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char year[5]; data/lame-3.100/libmp3lame/id3tag.c:1889:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(year, "%d", gfc->tag_spec.year); data/lame-3.100/libmp3lame/id3tag.c:1909:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tag[128]; data/lame-3.100/libmp3lame/id3tag.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lng[4]; /* 3-character language descriptor */ data/lame-3.100/libmp3lame/id3tag.h:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language[4]; /* the language of the frame's content, according to ISO-639-2 */ data/lame-3.100/libmp3lame/l3side.h:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char energy_above_cutoff[SFBMAX]; data/lame-3.100/libmp3lame/lame.c:1348:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[256] = { 0 }; data/lame-3.100/libmp3lame/machine.h:40:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/libmp3lame/machine.h:40:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/libmp3lame/machine.h:41:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/libmp3lame/mpglib_interface.c:254:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char out[OUTSIZE_CLIPPED]; data/lame-3.100/libmp3lame/mpglib_interface.c:355:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char out[OUTSIZE_UNCLIPPED]; data/lame-3.100/libmp3lame/mpglib_interface.c:435:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char out[OUTSIZE_CLIPPED]; data/lame-3.100/libmp3lame/newmdct.c:1036:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(esv->sb_sample[ch][0], esv->sb_sample[ch][1], 576 * sizeof(FLOAT)); data/lame-3.100/libmp3lame/psymodel.c:1049:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask_idx_s[CBANDS]; data/lame-3.100/libmp3lame/psymodel.c:1151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask_idx_l[CBANDS + 2]; data/lame-3.100/libmp3lame/psymodel.c:1451:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&last_thm[0], &psv->thm[0], sizeof(last_thm)); data/lame-3.100/libmp3lame/quantize.c:307:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ixwork, cod_info->xr, 576 * sizeof(FLOAT)); data/lame-3.100/libmp3lame/quantize.c:1046:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_xrpow, xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1146:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save_xrpow, xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1168:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xrpow, save_xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1190:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xrpow, save_xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1287:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bst_xrpow, xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1307:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xrpow, bst_xrpow, sizeof(FLOAT) * 576); data/lame-3.100/libmp3lame/quantize.c:1319:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cod_info->l3_enc, bst_cod_info.l3_enc, sizeof(int) * 576); data/lame-3.100/libmp3lame/quantize_pvt.c:1071:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cod_info->scalefac, scalefac_sav, sizeof(scalefac_sav)); data/lame-3.100/libmp3lame/takehiro.c:871:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gi, cod_info2, sizeof(gr_info)); data/lame-3.100/libmp3lame/takehiro.c:903:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cod_info2, gi, sizeof(gr_info)); data/lame-3.100/libmp3lame/takehiro.c:918:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cod_info2, gi, sizeof(gr_info)); data/lame-3.100/libmp3lame/takehiro.c:955:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gi, &cod_info2, sizeof(gr_info)); data/lame-3.100/libmp3lame/util.c:694:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mfbuf[ch][mf_size], &in_buffer[ch][0], nout * sizeof(mfbuf[0][0])); data/lame-3.100/libmp3lame/util.h:278:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_HEADER_LEN]; data/lame-3.100/libmp3lame/util.h:338:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bv_scf[576]; data/lame-3.100/misc/abx.c:585:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open ( "/dev/dsp", O_WRONLY ); data/lame-3.100/misc/abx.c:593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message [80] = "A "; data/lame-3.100/misc/abx.c:605:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "A " ); data/lame-3.100/misc/abx.c:614:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, " B" ); data/lame-3.100/misc/abx.c:621:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, " X " ); data/lame-3.100/misc/abx.c:680:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "Difference (+40 dB)" ); data/lame-3.100/misc/abx.c:687:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "Difference (+30 dB)" ); data/lame-3.100/misc/abx.c:694:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "Difference (+20 dB)" ); data/lame-3.100/misc/abx.c:701:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "Difference (+10 dB)" ); data/lame-3.100/misc/abx.c:708:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "Difference ( 0 dB)" ); data/lame-3.100/misc/abx.c:723:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( message, " B (Errors -%c dB)", (char)c ); data/lame-3.100/misc/abx.c:738:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( message, " B (Errors +%c dB)", c ); data/lame-3.100/misc/abx.c:752:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message," X " ); data/lame-3.100/misc/abx.c:763:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message," X " ); data/lame-3.100/misc/abx.c:813:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "A " ); data/lame-3.100/misc/abx.c:822:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, " B" ); data/lame-3.100/misc/abx.c:831:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, " X " ); data/lame-3.100/misc/abx.c:840:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ( message, "!X " ); data/lame-3.100/misc/ath.c:101:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( -1 == (k->fd = open ( k->device, O_WRONLY )) ) { data/lame-3.100/misc/ath.c:162:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( fd < 0 ) fd = open ( COOLEDIT_FILE, O_WRONLY | O_CREAT ); data/lame-3.100/misc/ath.c:577:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff [32767]; data/lame-3.100/misc/mlame_corr.c:211:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fd = open ( name, O_RDONLY )) >= 0 ) { data/lame-3.100/mpglib/common.c:152:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *modes[4] = { "Stereo", "Joint-Stereo", "Dual-Channel", "Single-Channel" }; data/lame-3.100/mpglib/common.c:153:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *layers[4] = { "Unknown", "I", "II", "III" }; data/lame-3.100/mpglib/common.c:169:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *modes[4] = { "stereo", "joint-stereo", "dual-channel", "mono" }; data/lame-3.100/mpglib/common.c:170:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *layers[4] = { "Unknown", "I", "II", "III" }; data/lame-3.100/mpglib/common.c:361:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mp->wordpointer, bsbufold + mp->fsizeold - backstep, (size_t) backstep); data/lame-3.100/mpglib/decode_i386.c:46:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/decode_i386.c:46:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/decode_i386.c:47:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/interface.c:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nbuf->pnt, buf, (size_t) size); data/lame-3.100/mpglib/interface.c:221:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + len, mp->tail->pnt + mp->tail->pos, (size_t) nlen); data/lame-3.100/mpglib/interface.c:251:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char xing[XING_HEADER_SIZE]; data/lame-3.100/mpglib/layer1.c:53:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char allocation[SBLIMIT][2]; data/lame-3.100/mpglib/layer1.c:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char scalefactor[SBLIMIT][2]; data/lame-3.100/mpglib/layer2.c:41:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char grp_3tab[32 * 3] = { 0, }; /* used: 27 */ data/lame-3.100/mpglib/layer2.c:42:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char grp_5tab[128 * 3] = { 0, }; /* used: 125 */ data/lame-3.100/mpglib/layer2.c:43:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char grp_9tab[1024 * 3] = { 0, }; /* used: 729 */ data/lame-3.100/mpglib/layer2.c:57:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char base[3][9] = { data/lame-3.100/mpglib/layer2.c:65:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *itable, *tables[3] = { grp_3tab, grp_5tab, grp_9tab }; data/lame-3.100/mpglib/layer2.c:124:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char allocation[SBLIMIT][2]; data/lame-3.100/mpglib/layer2.c:125:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char scalefactor[SBLIMIT][2][3]; /* subband / channel / block */ data/lame-3.100/mpglib/layer2.c:137:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char scfsi[SBLIMIT][2]; data/lame-3.100/mpglib/layer3.c:571:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char slen[2][16] = { data/lame-3.100/mpglib/layer3.c:664:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char stab[3][6][4] = { data/lame-3.100/mpglib/layer3.c:687:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pnt = (unsigned char const *) stab[n][(slen >> 12) & 0x7]; data/lame-3.100/mpglib/mpg123.h:35:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/mpg123.h:35:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/mpg123.h:36:28: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memmove(d, s, n) bcopy ((s), (d), (n)) data/lame-3.100/mpglib/mpglib.h:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bsspace[2][MAXFRAMESIZE + 1024]; /* bit stream space used ???? */ /* MAXFRAMESIZE */ data/lame-3.100/ACM/ADbg/ADbg.h:72:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). return strncpy(prefix, string, MAX_PREFIX_LENGTH); data/lame-3.100/ACM/tinyxml/tinyxmlparser.cpp:133:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( entity[i].str ) == entity[i].strLength ); data/lame-3.100/ACM/tinyxml/tinyxmlparser.cpp:246:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return p + strlen( endTag ); data/lame-3.100/ACM/tinyxml/tinyxmlparser.cpp:750:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen( startTag ); data/lame-3.100/Dll/BladeMP3EncDLL.c:69:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szFileName[ strlen(szFileName) - 3 ] = 't'; data/lame-3.100/Dll/BladeMP3EncDLL.c:70:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szFileName[ strlen(szFileName) - 2 ] = 'x'; data/lame-3.100/Dll/BladeMP3EncDLL.c:71:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szFileName[ strlen(szFileName) - 1 ] = 't'; data/lame-3.100/Dll/BladeMP3EncDLL.c:655:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lpszTemp,lpszDate,3); data/lame-3.100/frontend/console.c:94:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, tp, n); data/lame-3.100/frontend/get_audio.c:282:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). addPcmBuffer(PcmBuffer * b, void *a0, void *a1, int read) data/lame-3.100/frontend/get_audio.c:289:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0) { data/lame-3.100/frontend/get_audio.c:292:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (b->skip_start >= read) { data/lame-3.100/frontend/get_audio.c:293:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b->skip_start -= read; data/lame-3.100/frontend/get_audio.c:455:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 1) { data/lame-3.100/frontend/get_audio.c:458:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert( read <= LONG_MAX ); data/lame-3.100/frontend/get_audio.c:459:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). offset -= (long) read; data/lame-3.100/frontend/get_audio.c:481:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 1) { data/lame-3.100/frontend/get_audio.c:484:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert( read <= LONG_MAX ); data/lame-3.100/frontend/get_audio.c:485:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). offset -= (long) read; data/lame-3.100/frontend/get_audio.c:697:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). used = addPcmBuffer(&global.pcm32, buffer[0], buffer[1], read); data/lame-3.100/frontend/get_audio.c:698:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). } while (used <= 0 && read > 0); data/lame-3.100/frontend/get_audio.c:699:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0) { data/lame-3.100/frontend/get_audio.c:700:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/lame-3.100/frontend/get_audio.c:718:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). used = addPcmBuffer(&global.pcm16, buffer[0], buffer[1], read); data/lame-3.100/frontend/get_audio.c:719:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). } while (used <= 0 && read > 0); data/lame-3.100/frontend/get_audio.c:720:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0) { data/lame-3.100/frontend/get_audio.c:721:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/lame-3.100/frontend/gpkplotting.c:131:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 0, 10, title, strlen(title)); data/lame-3.100/frontend/gpkplotting.c:225:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (titleSplit && (titleSplit != strlen(title))) { data/lame-3.100/frontend/gpkplotting.c:232:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 0, 22, title + titleSplit + 1, (strlen(title) - titleSplit) - 1); data/lame-3.100/frontend/gpkplotting.c:239:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 0, 10, title, strlen(title)); data/lame-3.100/frontend/gtkanal.c:52:21: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. # define msleep(t) usleep((t) * 1000) data/lame-3.100/frontend/gtkanal.c:1478:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(frameinfo, inPath, 70); data/lame-3.100/frontend/lame_main.c:188:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(inPath) > 26 ? "\n\t" : " ", data/lame-3.100/frontend/lame_main.c:196:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(outPath) > 45 ? "\n\t" : " "); data/lame-3.100/frontend/lame_main.c:581:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nogapdir, outPath, PATH_MAX + 1); data/lame-3.100/frontend/main.c:161:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fn, lpFindFileData.cFileName, a); data/lame-3.100/frontend/main.c:166:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(++q, lpFindFileData.cFileName, MSIZE - a); data/lame-3.100/frontend/parse.c:180:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t const l = strlen(src); data/lame-3.100/frontend/parse.c:405:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned int lenb = strlen(b); data/lame-3.100/frontend/parse.c:406:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned int lenv = strlen(v); data/lame-3.100/frontend/parse.c:407:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const unsigned int lenu = strlen(u); data/lame-3.100/frontend/parse.c:561:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/lame-3.100/frontend/parse.c:1163:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(FileName); data/lame-3.100/frontend/parse.c:1402:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outPath, inPath, PATH_MAX + 1 - 4); data/lame-3.100/frontend/parse.c:1403:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(outPath, s_ext, 4); data/lame-3.100/frontend/parse.c:1547:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inPath, argv[i], PATH_MAX + 1); data/lame-3.100/frontend/parse.c:1549:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outPath, argv[i], PATH_MAX + 1); data/lame-3.100/frontend/parse.c:1778:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nextArg != 0 && strlen(nextArg) > 0) { data/lame-3.100/frontend/parse.c:2009:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outPath, nextArg, PATH_MAX); data/lame-3.100/frontend/parse.c:2019:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outDir, nextArg, PATH_MAX); data/lame-3.100/frontend/parse.c:2425:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nogap_inPath[count_nogap++], argv[i], PATH_MAX + 1); data/lame-3.100/frontend/parse.c:2441:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inPath, argv[i], PATH_MAX + 1); data/lame-3.100/frontend/parse.c:2446:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outPath, argv[i], PATH_MAX + 1); data/lame-3.100/frontend/parse.c:2478:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outPath, outDir, PATH_MAX); data/lame-3.100/frontend/parse.c:2483:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(outPath, "-"); data/lame-3.100/frontend/timestatus.c:229:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(inPath) + strlen(outPath) < 66 ? "" : "\n ", data/lame-3.100/frontend/timestatus.c:229:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(inPath) + strlen(outPath) < 66 ? "" : "\n ", data/lame-3.100/libmp3lame/VbrTag.c:804:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) &pbtStreamBuffer[nBytesWritten], szVersion, 9); data/lame-3.100/libmp3lame/bitstream.c:253:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen(version) && remainingBits >= 8; ++i) { data/lame-3.100/libmp3lame/i386/nasm.h:147:22: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. %error STACKLEVEL mismatch check 'local', 'alloc', 'pushd', 'popd' data/lame-3.100/libmp3lame/id3tag.c:231:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t lenb = strlen(b); data/lame-3.100/libmp3lame/id3tag.c:1571:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). frame = set_4_byte_value(frame, (unsigned long) (4 + strlen(mimetype) + size)); data/lame-3.100/libmp3lame/id3tag.c:1601:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fieldvalue) < 5 || fieldvalue[4] != '=') { data/lame-3.100/libmp3lame/id3tag.c:1669:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t title_length = gfc->tag_spec.title ? strlen(gfc->tag_spec.title) : 0; data/lame-3.100/libmp3lame/id3tag.c:1670:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t artist_length = gfc->tag_spec.artist ? strlen(gfc->tag_spec.artist) : 0; data/lame-3.100/libmp3lame/id3tag.c:1671:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t album_length = gfc->tag_spec.album ? strlen(gfc->tag_spec.album) : 0; data/lame-3.100/libmp3lame/id3tag.c:1672:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t comment_length = gfc->tag_spec.comment ? strlen(gfc->tag_spec.comment) : 0; data/lame-3.100/libmp3lame/id3tag.c:1709:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tag_size += 10 + 4 + strlen(albumart_mime) + gfc->tag_spec.albumart_size; data/lame-3.100/misc/abx.c:167:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read (0, &c, 1); data/lame-3.100/misc/abx.c:565:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 36 - (int)strlen(s), 36 - (int)strlen(s), "", data/lame-3.100/misc/abx.c:565:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 36 - (int)strlen(s), 36 - (int)strlen(s), "", data/lame-3.100/misc/abx.c:889:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen (name) < strlen (ext) ) data/lame-3.100/misc/abx.c:889:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen (name) < strlen (ext) ) data/lame-3.100/misc/abx.c:891:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen (name) - strlen (ext); data/lame-3.100/misc/abx.c:891:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen (name) - strlen (ext); data/lame-3.100/misc/abx.c:949:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* command = malloc (2*strlen(name) + 512); data/lame-3.100/misc/abx.c:950:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* name_q = malloc (2*strlen(name) + 128); data/lame-3.100/misc/ath.c:557:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read (0, &c, 1); data/lame-3.100/misc/mlame_corr.c:180:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read ( fd, header, sizeof(header) ); data/lame-3.100/misc/mlame_corr.c:188:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( ( samples = read (fd, s, sizeof(s)) ) > 0 ) { ANALYSIS SUMMARY: Hits = 432 Lines analyzed = 61342 in approximately 3.02 seconds (20304 lines/second) Physical Source Lines of Code (SLOC) = 42039 Hits@level = [0] 250 [1] 81 [2] 298 [3] 5 [4] 48 [5] 0 Hits@level+ = [0+] 682 [1+] 432 [2+] 351 [3+] 53 [4+] 48 [5+] 0 Hits/KSLOC@level+ = [0+] 16.223 [1+] 10.2762 [2+] 8.34939 [3+] 1.26073 [4+] 1.1418 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.