Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdumb-0.9.3/src/it/itorder.c
Examining data/libdumb-0.9.3/src/it/xmeffect.c
Examining data/libdumb-0.9.3/src/it/itrender.c
Examining data/libdumb-0.9.3/src/it/itread2.c
Examining data/libdumb-0.9.3/src/it/itunload.c
Examining data/libdumb-0.9.3/src/it/loadmod.c
Examining data/libdumb-0.9.3/src/it/loads3m.c
Examining data/libdumb-0.9.3/src/it/loadxm2.c
Examining data/libdumb-0.9.3/src/it/itload2.c
Examining data/libdumb-0.9.3/src/it/readmod2.c
Examining data/libdumb-0.9.3/src/it/reads3m2.c
Examining data/libdumb-0.9.3/src/it/loadmod2.c
Examining data/libdumb-0.9.3/src/it/loadxm.c
Examining data/libdumb-0.9.3/src/it/loads3m2.c
Examining data/libdumb-0.9.3/src/it/itload.c
Examining data/libdumb-0.9.3/src/it/itmisc.c
Examining data/libdumb-0.9.3/src/it/readxm.c
Examining data/libdumb-0.9.3/src/it/readmod.c
Examining data/libdumb-0.9.3/src/it/reads3m.c
Examining data/libdumb-0.9.3/src/it/readxm2.c
Examining data/libdumb-0.9.3/src/it/itread.c
Examining data/libdumb-0.9.3/src/core/makeduh.c
Examining data/libdumb-0.9.3/src/core/unload.c
Examining data/libdumb-0.9.3/src/core/loadduh.c
Examining data/libdumb-0.9.3/src/core/rawsig.c
Examining data/libdumb-0.9.3/src/core/rendduh.c
Examining data/libdumb-0.9.3/src/core/rendsig.c
Examining data/libdumb-0.9.3/src/core/duhlen.c
Examining data/libdumb-0.9.3/src/core/duhtag.c
Examining data/libdumb-0.9.3/src/core/atexit.c
Examining data/libdumb-0.9.3/src/core/readduh.c
Examining data/libdumb-0.9.3/src/core/register.c
Examining data/libdumb-0.9.3/src/core/dumbfile.c
Examining data/libdumb-0.9.3/src/helpers/sampbuf.c
Examining data/libdumb-0.9.3/src/helpers/stdfile.c
Examining data/libdumb-0.9.3/src/helpers/clickrem.c
Examining data/libdumb-0.9.3/src/helpers/silence.c
Examining data/libdumb-0.9.3/src/helpers/memfile.c
Examining data/libdumb-0.9.3/src/helpers/resample.c
Examining data/libdumb-0.9.3/src/allegro/datit.c
Examining data/libdumb-0.9.3/src/allegro/datxm.c
Examining data/libdumb-0.9.3/src/allegro/datduh.c
Examining data/libdumb-0.9.3/src/allegro/datitq.c
Examining data/libdumb-0.9.3/src/allegro/datmod.c
Examining data/libdumb-0.9.3/src/allegro/dats3m.c
Examining data/libdumb-0.9.3/src/allegro/datxmq.c
Examining data/libdumb-0.9.3/src/allegro/datmodq.c
Examining data/libdumb-0.9.3/src/allegro/dats3mq.c
Examining data/libdumb-0.9.3/src/allegro/datunld.c
Examining data/libdumb-0.9.3/src/allegro/alplay.c
Examining data/libdumb-0.9.3/src/allegro/packfile.c
Examining data/libdumb-0.9.3/make/dumbask.c
Examining data/libdumb-0.9.3/examples/dumbplay.c
Examining data/libdumb-0.9.3/examples/dumbout.c
Examining data/libdumb-0.9.3/examples/dumb2wav.c
Examining data/libdumb-0.9.3/include/dumb.h
Examining data/libdumb-0.9.3/include/aldumb.h
Examining data/libdumb-0.9.3/include/internal/it.h
Examining data/libdumb-0.9.3/include/internal/dumb.h
Examining data/libdumb-0.9.3/include/internal/aldumb.h

FINAL RESULTS:

data/libdumb-0.9.3/examples/dumb2wav.c:264:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fn_out, fn);
data/libdumb-0.9.3/examples/dumbout.c:245:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fn_out, fn);
data/libdumb-0.9.3/include/dumb.h:94:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define TRACE 1 ? (void)0 : (void)printf
data/libdumb-0.9.3/include/dumb.h:103:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define TRACE 1 ? (void)0 : (void)printf
data/libdumb-0.9.3/src/core/makeduh.c:123:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(ptr, tags[i][0]);
data/libdumb-0.9.3/src/core/makeduh.c:126:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(ptr, tags[i][1]);
data/libdumb-0.9.3/examples/dumb2wav.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s8[16384];
data/libdumb-0.9.3/examples/dumb2wav.c:247:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outf = fopen(fn_out, "wb");
data/libdumb-0.9.3/examples/dumb2wav.c:268:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(extptr, ".wav");
data/libdumb-0.9.3/examples/dumb2wav.c:269:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outf = fopen(fn_out, "wb");
data/libdumb-0.9.3/examples/dumbout.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s8[16384];
data/libdumb-0.9.3/examples/dumbout.c:228:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outf = fopen(fn_out, "wb");
data/libdumb-0.9.3/examples/dumbout.c:249:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(extptr, ".pcm");
data/libdumb-0.9.3/examples/dumbout.c:250:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outf = fopen(fn_out, "wb");
data/libdumb-0.9.3/include/dumb.h:154:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  void *(*open)(const char *filename);
data/libdumb-0.9.3/include/dumb.h:614:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char x8[3*2];
data/libdumb-0.9.3/include/internal/dumb.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *(*tag)[2];
data/libdumb-0.9.3/include/internal/it.h:104:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char SFmacro[16][16]; // read these from 0x120
data/libdumb-0.9.3/include/internal/it.h:105:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char SFmacrolen[16];
data/libdumb-0.9.3/include/internal/it.h:107:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char Zmacro[128][16]; // read these from 0x320
data/libdumb-0.9.3/include/internal/it.h:108:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char Zmacrolen[128];
data/libdumb-0.9.3/include/internal/it.h:133:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char node_y[25];
data/libdumb-0.9.3/include/internal/it.h:155:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char name[27];
data/libdumb-0.9.3/include/internal/it.h:156:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char filename[14];
data/libdumb-0.9.3/include/internal/it.h:177:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char map_note[120];
data/libdumb-0.9.3/include/internal/it.h:198:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char name[29];
data/libdumb-0.9.3/include/internal/it.h:199:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char filename[14];
data/libdumb-0.9.3/include/internal/it.h:378:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char name[29];
data/libdumb-0.9.3/include/internal/it.h:395:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char channel_pan[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/include/internal/it.h:396:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char channel_volume[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/core/dumbfile.c:33:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ASSERT(dfs->open);
data/libdumb-0.9.3/src/core/dumbfile.c:63:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  f->file = (*the_dfs->open)(filename);
data/libdumb-0.9.3/src/core/rendduh.c:59:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ((char *)sptr)[pos] = (char)f ^ signconv; \
data/libdumb-0.9.3/src/helpers/memfile.c:62:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, m->ptr, n);
data/libdumb-0.9.3/src/helpers/stdfile.c:28:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  return fopen(filename, "rb");
data/libdumb-0.9.3/src/it/itread.c:625:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cmask[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:626:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cnote[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:627:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cinstrument[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:628:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cvolpan[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:629:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ceffect[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:630:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ceffectvalue[DUMB_IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/itread.c:690:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char used[16] = {0, 1, 1, 2, 1, 2, 2, 3, 2, 3, 3, 4, 3, 4, 4, 5};
data/libdumb-0.9.3/src/it/itread.c:760:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE *f = fopen("dupentry.txt", "a");
data/libdumb-0.9.3/src/it/itread.c:830:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char sample_convert[256];
data/libdumb-0.9.3/src/it/itread.c:989:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char mididata[32];
data/libdumb-0.9.3/src/it/itread.c:1202:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *tag[1][2];
data/libdumb-0.9.3/src/it/itread.c:1205:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return make_duh(-1, 1, (const char *const (*)[2])tag, 1, &descptr, &sigdata);
data/libdumb-0.9.3/src/it/itrender.c:538:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static signed char it_sine[256] = {
data/libdumb-0.9.3/src/it/itrender.c:570:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static signed char it_sawtooth[256] = {
data/libdumb-0.9.3/src/it/itrender.c:591:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static signed char it_squarewave[256] = {
data/libdumb-0.9.3/src/it/readmod.c:270:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, bm->buffered + bm->ptr, left);
data/libdumb-0.9.3/src/it/readmod.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, bm->buffered + bm->ptr, n);
data/libdumb-0.9.3/src/it/readmod.c:599:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *tag[1][2];
data/libdumb-0.9.3/src/it/readmod.c:602:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return make_duh(-1, 1, (const char *const (*)[2])tag, 1, &descptr, &sigdata);
data/libdumb-0.9.3/src/it/reads3m.c:229:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char used[8] = {0, 2, 1, 3, 2, 4, 3, 5};
data/libdumb-0.9.3/src/it/reads3m.c:249:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char used[8] = {0, 2, 1, 3, 2, 4, 3, 5};
data/libdumb-0.9.3/src/it/reads3m.c:665:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *tag[1][2];
data/libdumb-0.9.3/src/it/reads3m.c:668:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return make_duh(-1, 1, (const char *const (*)[2])tag, 1, &descptr, &sigdata);
data/libdumb-0.9.3/src/it/readxm.c:613:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id_text[18];
data/libdumb-0.9.3/src/it/readxm.c:780:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char roguebytes[XM_MAX_SAMPLES_PER_INSTRUMENT];
data/libdumb-0.9.3/src/it/readxm.c:871:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char loop_count[IT_N_CHANNELS];
data/libdumb-0.9.3/src/it/readxm.c:1002:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *tag[1][2];
data/libdumb-0.9.3/src/it/readxm.c:1005:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return make_duh(-1, 1, (const char *const (*)[2])tag, 1, &descptr, &sigdata);
data/libdumb-0.9.3/examples/dumb2wav.c:257:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fn_out = malloc(strlen(fn)+5);
data/libdumb-0.9.3/examples/dumbout.c:238:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fn_out = malloc(strlen(fn)+5);
data/libdumb-0.9.3/examples/dumbplay.c:239:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gfx_half_width = strlen(fn);
data/libdumb-0.9.3/include/dumb.h:156:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int (*getc)(void *f);
data/libdumb-0.9.3/make/dumbask.c:24:12:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  char c = getchar();
data/libdumb-0.9.3/src/core/dumbfile.c:34:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ASSERT(dfs->getc);
data/libdumb-0.9.3/src/core/dumbfile.c:82:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ASSERT(dfs->getc);
data/libdumb-0.9.3/src/core/dumbfile.c:132:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rv = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:155:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rv = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:178:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  l = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:184:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  h = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:206:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  h = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:212:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  l = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:234:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rv = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:240:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:247:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:254:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:277:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rv = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:284:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:291:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:298:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/dumbfile.c:362:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int c = (*f->dfs->getc)(f->file);
data/libdumb-0.9.3/src/core/makeduh.c:107:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mem += strlen(tags[i][0]) + strlen(tags[i][1]);
data/libdumb-0.9.3/src/core/makeduh.c:107:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mem += strlen(tags[i][0]) + strlen(tags[i][1]);
data/libdumb-0.9.3/src/core/makeduh.c:124:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(tags[i][0]) + 1;
data/libdumb-0.9.3/src/core/makeduh.c:127:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(tags[i][1]) + 1;
data/libdumb-0.9.3/src/helpers/stdfile.c:42:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return fgetc(f);

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 14530 in approximately 0.95 seconds (15363 lines/second)
Physical Source Lines of Code (SLOC) = 9409
Hits@level = [0]  85 [1]  27 [2]  57 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+] 175 [1+]  90 [2+]  63 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 18.5992 [1+] 9.56531 [2+] 6.69572 [3+] 0.637687 [4+] 0.637687 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
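The report above is raw tool output: Flawfinder's levels come from pattern matching, not data flow, so the 90 hits are a worklist, not findings. As an added example that is not part of Flawfinder or of libdumb, the Python below parses this text format and produces a triage list: hits at or above a chosen level, minus those Flawfinder itself annotates with "Risk is low because the source is a constant string", grouped by CWE. The SAMPLE_REPORT excerpt is copied verbatim from the report on this page; the helper names (parse_flawfinder, triage, by_level, rules_by_cwe) are this example's own.

```python
"""Parse Flawfinder's default text report and build a triage worklist.

Added example; not part of Flawfinder or of the libdumb source tree.
SAMPLE_REPORT is an excerpt copied from the report on this page; the
function names below are this example's own, not Flawfinder's API.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Hit header: path:line:col:  [level] (category) rule:
HEADER = re.compile(
    r"^(?P<path>\S+):(?P<line>\d+):(?P<col>\d+):\s*"
    r"\[(?P<level>[0-5])\]\s+\((?P<category>\w+)\)\s+(?P<rule>\w+):\s*$"
)
CWE = re.compile(r"CWE-(\d+)")


@dataclass
class Hit:
    path: str
    line: int
    col: int
    level: int
    category: str
    rule: str
    description: str
    snippet: str
    cwes: tuple = field(default_factory=tuple)

    @property
    def tool_says_low_risk(self) -> bool:
        # Flawfinder appends this sentence when the strcpy source is a literal.
        return "Risk is low" in self.description


def parse_flawfinder(text: str) -> list:
    """Return one Hit per report entry. Indented lines after a header are the
    description; the last indented line is the offending source line."""
    hits, current, body = [], None, []

    def flush():
        if current is not None and body:
            desc = " ".join(body[:-1])
            hits.append(Hit(**current, description=desc, snippet=body[-1],
                            cwes=tuple(int(c) for c in CWE.findall(desc))))

    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            flush()
            current = m.groupdict()
            for k in ("line", "col", "level"):
                current[k] = int(current[k])
            body = []
        elif raw.startswith("  ") and current is not None:
            body.append(raw.strip())
        else:               # blank line, "Examining ...", or the summary block
            flush()
            current, body = None, []
    flush()
    return hits


def by_level(hits) -> dict:
    """Counts per level, the same numbers Flawfinder prints as Hits@level."""
    return dict(sorted(Counter(h.level for h in hits).items()))


def triage(hits, min_level: int = 2) -> list:
    """Hits worth a human look: at or above min_level and not already marked
    low-risk by the tool, highest level first, then by file and line."""
    kept = [h for h in hits if h.level >= min_level and not h.tool_says_low_risk]
    return sorted(kept, key=lambda h: (-h.level, h.path, h.line))


def rules_by_cwe(hits) -> dict:
    """CWE id -> set of rule names citing it, to group the worklist by weakness."""
    out = {}
    for h in hits:
        for c in h.cwes:
            out.setdefault(c, set()).add(h.rule)
    return out


# Excerpt copied from the report on this page (five of its 90 hits).
SAMPLE_REPORT = """\
FINAL RESULTS:

data/libdumb-0.9.3/examples/dumb2wav.c:264:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fn_out, fn);
data/libdumb-0.9.3/include/dumb.h:94:35:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define TRACE 1 ? (void)0 : (void)printf
data/libdumb-0.9.3/examples/dumb2wav.c:268:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(extptr, ".wav");
data/libdumb-0.9.3/examples/dumb2wav.c:269:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outf = fopen(fn_out, "wb");
data/libdumb-0.9.3/examples/dumb2wav.c:257:25:  [1] (buffer) strlen:
  Does not handle strings that are not \\0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fn_out = malloc(strlen(fn)+5);

ANALYSIS SUMMARY:

Hits = 5
"""

if __name__ == "__main__":
    hits = parse_flawfinder(SAMPLE_REPORT)
    print("levels:", by_level(hits))
    for h in triage(hits, min_level=2):
        print(f"[{h.level}] {h.path}:{h.line} {h.rule} CWE-{h.cwes}: {h.snippet}")
```

Run it on the full report by piping `flawfinder` output into `parse_flawfinder` instead of the embedded excerpt. Two things the worklist cannot decide for you, and which the report itself illustrates: the level-4 `strcpy(fn_out, fn)` at dumb2wav.c:264 writes into a buffer allocated as `malloc(strlen(fn)+5)` at line 257, so whether it is sound depends on the lines in between, not on the rule level; and the level-2 `char` hit at rendduh.c:59 (`(char)f ^ signconv`) is the array rule matching a cast, which is why level alone is a poor filter and a grep-based tool's output always needs a read of the surrounding code.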