Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/liblscp-0.6.0/lscp/device.h Examining data/liblscp-0.6.0/lscp/thread.h Examining data/liblscp-0.6.0/lscp/socket.h Examining data/liblscp-0.6.0/lscp/client.h Examining data/liblscp-0.6.0/lscp/event.h Examining data/liblscp-0.6.0/examples/parser.h Examining data/liblscp-0.6.0/examples/parser.c Examining data/liblscp-0.6.0/examples/example_client.c Examining data/liblscp-0.6.0/examples/server.h Examining data/liblscp-0.6.0/examples/example_server.c Examining data/liblscp-0.6.0/examples/server.c Examining data/liblscp-0.6.0/src/thread.c Examining data/liblscp-0.6.0/src/socket.c Examining data/liblscp-0.6.0/src/device.c Examining data/liblscp-0.6.0/src/common.c Examining data/liblscp-0.6.0/src/event.c Examining data/liblscp-0.6.0/src/common.h Examining data/liblscp-0.6.0/src/client.c FINAL RESULTS: data/liblscp-0.6.0/examples/example_server.c:381:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szTemp, "DESCRIPTION: example_server (%s) %s\r\n" data/liblscp-0.6.0/examples/server.c:624:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. cchBuffer = sprintf(achBuffer, "NOTIFY:%s:", pszEvent); data/liblscp-0.6.0/src/client.c:242:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. cchQuery = sprintf(szQuery, "%sSUBSCRIBE %s\n\n", data/liblscp-0.6.0/src/client.c:944:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "LOAD INSTRUMENT '%s' %d %d\r\n", data/liblscp-0.6.0/src/client.c:969:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(szQuery, "LOAD INSTRUMENT NON_MODAL '%s' %d %d\r\n", data/liblscp-0.6.0/src/client.c:992:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "LOAD ENGINE %s %d\r\n", data/liblscp-0.6.0/src/client.c:1206:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET ENGINE INFO %s\r\n", pszEngineName); data/liblscp-0.6.0/src/client.c:1550:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET CHANNEL BUFFER_FILL %s %d\r\n", pszUsageType, iSamplerChannel); data/liblscp-0.6.0/src/client.c:1595:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "SET CHANNEL AUDIO_OUTPUT_TYPE %d %s\r\n", data/liblscp-0.6.0/src/client.c:1668:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "SET CHANNEL MIDI_INPUT_TYPE %d %s\r\n", data/liblscp-0.6.0/src/client.c:2240:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery + strlen(szQuery), " '%s'", pszFxName); data/liblscp-0.6.0/src/client.c:2564:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery + strlen(szQuery), " '%s'", pszMapName); data/liblscp-0.6.0/src/client.c:2734:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "SET MIDI_INSTRUMENT_MAP NAME %d '%s'\r\n", data/liblscp-0.6.0/src/client.c:2785:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(szQuery, "MAP MIDI_INSTRUMENT %d %d %d %s '%s' %d %g", data/liblscp-0.6.0/src/client.c:2806:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery + strlen(szQuery), " '%s'", pszName); data/liblscp-0.6.0/src/common.c:201:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pszResult, pszBuffer); data/liblscp-0.6.0/src/common.c:204:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pszResult, achBuffer); data/liblscp-0.6.0/src/common.c:1050:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pszBuffer + cchBuffer, " %s='%s'", pParams[i].key, pParams[i].value); data/liblscp-0.6.0/src/device.c:349:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET AUDIO_OUTPUT_DRIVER INFO %s\r\n", pszAudioDriver); data/liblscp-0.6.0/src/device.c:377:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET AUDIO_OUTPUT_DRIVER_PARAMETER INFO %s %s", pszAudioDriver, pszParam); data/liblscp-0.6.0/src/device.c:409:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "CREATE AUDIO_OUTPUT_DEVICE %s", pszAudioDriver); data/liblscp-0.6.0/src/device.c:553:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(szQuery, "SET AUDIO_OUTPUT_DEVICE_PARAMETER %d %s='%s'\r\n", iAudioDevice, pParam->key, pParam->value); data/liblscp-0.6.0/src/device.c:610:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET AUDIO_OUTPUT_CHANNEL_PARAMETER INFO %d %d %s", iAudioDevice, iAudioChannel, pszParam); data/liblscp-0.6.0/src/device.c:639:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "SET AUDIO_OUTPUT_CHANNEL_PARAMETER %d %d %s='%s'\r\n", iAudioDevice, iAudioChannel, pParam->key, pParam->value); data/liblscp-0.6.0/src/device.c:727:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET MIDI_INPUT_DRIVER INFO %s\r\n", pszMidiDriver); data/liblscp-0.6.0/src/device.c:757:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET MIDI_INPUT_DRIVER_PARAMETER INFO %s %s", pszMidiDriver, pszParam); data/liblscp-0.6.0/src/device.c:789:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "CREATE MIDI_INPUT_DEVICE %s", pszMidiDriver); data/liblscp-0.6.0/src/device.c:933:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "SET MIDI_INPUT_DEVICE_PARAMETER %d %s='%s'\r\n", iMidiDevice, pParam->key, pParam->value); data/liblscp-0.6.0/src/device.c:990:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szQuery, "GET MIDI_INPUT_PORT_PARAMETER INFO %d %d %s", iMidiDevice, iMidiPort, pszParam); data/liblscp-0.6.0/src/device.c:1019:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(szQuery, "SET MIDI_INPUT_PORT_PARAMETER %d %d %s='%s'\r\n", iMidiDevice, iMidiPort, pParam->key, pParam->value); data/liblscp-0.6.0/src/socket.c:133:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szPrefix, " %s\t", pszOptName); data/liblscp-0.6.0/src/socket.c:146:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(szPrefix, " %s\t", pszOptName); data/liblscp-0.6.0/examples/example_server.c:854:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/liblscp-0.6.0/examples/example_client.c:42:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pszData, pchData, cchData); data/liblscp-0.6.0/examples/example_client.c:457:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iMidiPorts = atoi(pszValue); data/liblscp-0.6.0/examples/example_client.c:476:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iAudioChannels = atoi(pszValue); data/liblscp-0.6.0/examples/example_client.c:645:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szLine[1024]; data/liblscp-0.6.0/examples/example_server.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTemp[4096]; data/liblscp-0.6.0/examples/example_server.c:95:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", rand() % 100); data/liblscp-0.6.0/examples/example_server.c:107:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "[1]%d,[2]%d,[3]%d\r\n", rand(), rand(), rand()); data/liblscp-0.6.0/examples/example_server.c:113:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "[1]%d%%,[2]%d%%,[3]%d%%\r\n", rand() % 100, rand() % 100, rand() % 100); data/liblscp-0.6.0/examples/example_server.c:123:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iSamplerChannel); data/liblscp-0.6.0/examples/example_server.c:364:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iAudioDevice); data/liblscp-0.6.0/examples/example_server.c:370:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iMidiDevice); data/liblscp-0.6.0/examples/example_server.c:409:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", rand() % 100); data/liblscp-0.6.0/examples/example_server.c:415:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", rand() % 100); data/liblscp-0.6.0/examples/example_server.c:421:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%g\r\n", fVolume); data/liblscp-0.6.0/examples/example_server.c:436:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iFxSend); data/liblscp-0.6.0/examples/example_server.c:442:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iMidiInstruments); data/liblscp-0.6.0/examples/example_server.c:448:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "%d\r\n", iMidiMaps); data/liblscp-0.6.0/examples/example_server.c:454:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(szTemp, "NAME: "); data/liblscp-0.6.0/examples/example_server.c:457:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "Chromatic\r\n"); data/liblscp-0.6.0/examples/example_server.c:460:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "Drum Kits\r\n"); data/liblscp-0.6.0/examples/example_server.c:463:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, ".\r\n"); data/liblscp-0.6.0/examples/example_server.c:488:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:490:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:515:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:517:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:527:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:529:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:539:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:541:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:551:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(szTemp + strlen(szTemp), "{0,%d,%d}", i / 128, i % 128); data/liblscp-0.6.0/examples/example_server.c:553:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:563:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:565:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(szTemp, "\r\n"); data/liblscp-0.6.0/examples/example_server.c:660:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "OK[%d]\r\n", iSamplerChannel++); data/liblscp-0.6.0/examples/example_server.c:671:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "OK[%d]\r\n", iMidiMaps++); data/liblscp-0.6.0/examples/example_server.c:718:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "OK[%d]\r\n", iAudioDevice++); data/liblscp-0.6.0/examples/example_server.c:729:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(szTemp, "OK[%d]\r\n", iMidiDevice++); data/liblscp-0.6.0/examples/example_server.c:740:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szTemp, "OK[%d]\r\n", iFxSend++); data/liblscp-0.6.0/examples/example_server.c:843:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szLine[200]; data/liblscp-0.6.0/examples/parser.c:66:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pParser->pchBuffer, pchBuffer, cchBuffer); data/liblscp-0.6.0/examples/parser.c:89:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = atoi(pParser->pszToken); data/liblscp-0.6.0/examples/server.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char achBuffer[LSCP_BUFSIZ]; data/liblscp-0.6.0/examples/server.c:610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char achBuffer[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numeric[32]; data/liblscp-0.6.0/src/client.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctype[32]; data/liblscp-0.6.0/src/client.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char achBuffer[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPort[33]; data/liblscp-0.6.0/src/client.c:939:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:964:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:987:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1018:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iChannels = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/client.c:1081:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iSamplerChannel = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/client.c:1101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1106:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(szQuery, "REMOVE CHANNEL %d\r\n", iSamplerChannel); data/liblscp-0.6.0/src/client.c:1131:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iAvailableEngines = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/client.c:1188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1267:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET CHANNEL INFO %d\r\n", iSamplerChannel); data/liblscp-0.6.0/src/client.c:1280:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->audio_device = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1285:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->audio_channels = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1303:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->instrument_nr = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1313:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->instrument_status = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1318:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->midi_device = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1323:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->midi_port = atoi(lscp_ltrim(pszToken)); data/liblscp-0.6.0/src/client.c:1332:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->midi_channel = atoi(pszToken); data/liblscp-0.6.0/src/client.c:1345:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChannelInfo->midi_map = atoi(pszToken); data/liblscp-0.6.0/src/client.c:1388:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1399:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET CHANNEL VOICE_COUNT %d\r\n", iSamplerChannel); data/liblscp-0.6.0/src/client.c:1401:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iVoiceCount = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/client.c:1421:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1432:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET CHANNEL STREAM_COUNT %d\r\n", iSamplerChannel); data/liblscp-0.6.0/src/client.c:1434:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iStreamCount = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/client.c:1454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/client.c:1472:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET CHANNEL BUFFER_FILL PERCENTAGE %d\r\n", iSamplerChannel); data/liblscp-0.6.0/src/client.c:1483:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iPercent = atol(pszToken); data/liblscp-0.6.0/src/client.c:1517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1556:39: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pBufferFill[iStream].stream_id = atol(pszToken);
data/liblscp-0.6.0/src/client.c:1560:42: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pBufferFill[iStream].stream_usage = atol(pszToken);
data/liblscp-0.6.0/src/client.c:1590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1619:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL AUDIO_OUTPUT_DEVICE %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1639:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1644:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL AUDIO_OUTPUT_CHANNEL %d %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1663:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1687:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1692:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MIDI_INPUT_DEVICE %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1711:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1716:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MIDI_INPUT_PORT %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1742:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MIDI_INPUT_CHANNEL %d ALL\r\n",
data/liblscp-0.6.0/src/client.c:1745:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MIDI_INPUT_CHANNEL %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1766:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1771:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MIDI_INSTRUMENT_MAP %d ", iSamplerChannel);
data/liblscp-0.6.0/src/client.c:1773:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery , "NONE");
data/liblscp-0.6.0/src/client.c:1776:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery , "DEFAULT");
data/liblscp-0.6.0/src/client.c:1778:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery + strlen(szQuery), "%d", iMidiMap);
data/liblscp-0.6.0/src/client.c:1780:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:1801:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1808:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL VOLUME %d %g\r\n",
data/liblscp-0.6.0/src/client.c:1831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1836:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL MUTE %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1862:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET CHANNEL SOLO %d %d\r\n",
data/liblscp-0.6.0/src/client.c:1879:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:1884:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "RESET CHANNEL %d\r\n", iSamplerChannel);
data/liblscp-0.6.0/src/client.c:1982:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iVoiceCount = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2011:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iVoiceCount = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2067:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2074:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET VOLUME %g\r\n", fVolume);
data/liblscp-0.6.0/src/client.c:2106:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iVoices = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2140:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET VOICES %d\r\n", iMaxVoices);
data/liblscp-0.6.0/src/client.c:2170:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iStreams = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2204:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET STREAMS %d\r\n", iMaxStreams);
data/liblscp-0.6.0/src/client.c:2226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2236:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "CREATE FX_SEND %d %d",
data/liblscp-0.6.0/src/client.c:2242:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:2245:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iFxSend = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2272:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "DESTROY FX_SEND %d %d\r\n",
data/liblscp-0.6.0/src/client.c:2292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2302:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "GET FX_SENDS %d\r\n", iSamplerChannel);
data/liblscp-0.6.0/src/client.c:2305:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iFxSends = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2340:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "LIST FX_SENDS %d\r\n", iSamplerChannel);
data/liblscp-0.6.0/src/client.c:2367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2388:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "GET FX_SEND INFO %d %d\r\n", iSamplerChannel, iFxSend);
data/liblscp-0.6.0/src/client.c:2401:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pFxSendInfo->midi_controller = atoi(lscp_ltrim(pszToken));
data/liblscp-0.6.0/src/client.c:2446:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2478:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET FX_SEND AUDIO_OUTPUT_CHANNEL %d %d %d %d\r\n",
data/liblscp-0.6.0/src/client.c:2499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2505:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET FX_SEND MIDI_CONTROLLER %d %d %d\r\n",
data/liblscp-0.6.0/src/client.c:2525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2532:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "SET FX_SEND LEVEL %d %d %f\r\n",
data/liblscp-0.6.0/src/client.c:2553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2561:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(szQuery, "ADD MIDI_INSTRUMENT_MAP");
data/liblscp-0.6.0/src/client.c:2566:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:2569:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iMidiMap = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2589:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2594:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "REMOVE MIDI_INSTRUMENT_MAP %d\r\n", iMidiMap);
data/liblscp-0.6.0/src/client.c:2620:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iMidiMaps = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2694:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "GET MIDI_INSTRUMENT_MAP INFO %d\r\n", iMidiMap);
data/liblscp-0.6.0/src/client.c:2727:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2769:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2792:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant string.
    strcat(szQuery, " PERSISTENT");
data/liblscp-0.6.0/src/client.c:2795:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, " ON_DEMAND_HOLD");
data/liblscp-0.6.0/src/client.c:2798:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, " ON_DEMAND");
data/liblscp-0.6.0/src/client.c:2808:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:2826:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2835:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "UNMAP MIDI_INSTRUMENT %d %d %d\r\n",
data/liblscp-0.6.0/src/client.c:2855:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2863:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(szQuery, "GET MIDI_INSTRUMENTS ");
data/liblscp-0.6.0/src/client.c:2866:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "ALL");
data/liblscp-0.6.0/src/client.c:2868:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery + strlen(szQuery), "%d", iMidiMap);
data/liblscp-0.6.0/src/client.c:2870:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:2873:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iInstruments = atoi(lscp_client_get_result(pClient));
data/liblscp-0.6.0/src/client.c:2894:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2907:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(szQuery, "LIST MIDI_INSTRUMENTS ");
data/liblscp-0.6.0/src/client.c:2910:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "ALL");
data/liblscp-0.6.0/src/client.c:2912:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery + strlen(szQuery), "%d", iMidiMap);
data/liblscp-0.6.0/src/client.c:2914:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:2942:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:2967:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "GET MIDI_INSTRUMENT INFO %d %d %d\r\n",
data/liblscp-0.6.0/src/client.c:2991:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pInstrInfo->instrument_nr = atoi(lscp_ltrim(pszToken));
data/liblscp-0.6.0/src/client.c:3044:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:3046:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(szQuery, "CLEAR MIDI_INSTRUMENTS ");
data/liblscp-0.6.0/src/client.c:3049:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "ALL");
data/liblscp-0.6.0/src/client.c:3051:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery + strlen(szQuery), "%d", iMidiMap);
data/liblscp-0.6.0/src/client.c:3053:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(szQuery, "\r\n");
data/liblscp-0.6.0/src/client.c:3071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szQuery[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/client.c:3076:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szQuery, "EDIT CHANNEL INSTRUMENT %d\r\n", iSamplerChannel);
data/liblscp-0.6.0/src/common.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char achBuffer[LSCP_BUFSIZ];
data/liblscp-0.6.0/src/common.c:239:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iErrno = atoi(pszToken) + 100;
data/liblscp-0.6.0/src/common.c:474:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if ((piSplit[i++] = atoi(pchHead)) < 0) {
data/liblscp-0.6.0/src/common.c:485:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). piSplit[i] = atoi(pchHead); data/liblscp-0.6.0/src/common.c:757:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pInstrs[i].map = atoi(pchHead); data/liblscp-0.6.0/src/common.c:764:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pInstrs[i].bank = atoi(pchHead); data/liblscp-0.6.0/src/common.c:769:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pInstrs[i].prog = atoi(pchHead); data/liblscp-0.6.0/src/device.c:289:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iAudioDrivers = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:368:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:398:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:412:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iAudioDevice = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:440:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "DESTROY AUDIO_OUTPUT_DEVICE %d\r\n", iAudioDevice); data/liblscp-0.6.0/src/device.c:465:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iAudioDevices = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:527:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET AUDIO_OUTPUT_DEVICE INFO %d\r\n", iAudioDevice); data/liblscp-0.6.0/src/device.c:544:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:580:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(szQuery, "GET AUDIO_OUTPUT_CHANNEL INFO %d %d\r\n", iAudioDevice, iAudioChannel); data/liblscp-0.6.0/src/device.c:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:628:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:667:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iMidiDrivers = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:748:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:778:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:792:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iMidiDevice = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:820:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "DESTROY MIDI_INPUT_DEVICE %d\r\n", iMidiDevice); data/liblscp-0.6.0/src/device.c:845:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iMidiDevices = atoi(lscp_client_get_result(pClient)); data/liblscp-0.6.0/src/device.c:900:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:907:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET MIDI_INPUT_DEVICE INFO %d\r\n", iMidiDevice); data/liblscp-0.6.0/src/device.c:924:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:951:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:960:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szQuery, "GET MIDI_INPUT_PORT INFO %d %d\r\n", iMidiDevice, iMidiPort); data/liblscp-0.6.0/src/device.c:979:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:1008:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szQuery[LSCP_BUFSIZ]; data/liblscp-0.6.0/src/device.c:1033:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return (const char *) pParams[i].value; data/liblscp-0.6.0/src/socket.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPrefix[33]; data/liblscp-0.6.0/src/socket.c:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPrefix[33]; data/liblscp-0.6.0/src/socket.c:183:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pszBuffer, pchBuffer, cchBuffer); data/liblscp-0.6.0/examples/example_client.c:361:49: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (client_test_##t((t)(x))) { g_test_fails++; getchar(); } \ data/liblscp-0.6.0/examples/example_client.c:362:24: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (g_test_step) getchar(); } data/liblscp-0.6.0/examples/example_client.c:668:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchLine = strlen(szLine); data/liblscp-0.6.0/examples/example_server.c:485:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0; i < iSamplerChannel && strlen(szTemp) < sizeof(szTemp) - 8; i++) { data/liblscp-0.6.0/examples/example_server.c:487:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:488:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:512:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < iAudioDevice && strlen(szTemp) < sizeof(szTemp) - 8; i++) { data/liblscp-0.6.0/examples/example_server.c:514:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:515:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:524:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0; i < iMidiDevice && strlen(szTemp) < sizeof(szTemp) - 8; i++) { data/liblscp-0.6.0/examples/example_server.c:526:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:527:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:536:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < iFxSend && strlen(szTemp) < sizeof(szTemp) - 8; i++) { data/liblscp-0.6.0/examples/example_server.c:538:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:539:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:548:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0; i < iMidiInstruments && strlen(szTemp) < sizeof(szTemp) - 16; i++) { data/liblscp-0.6.0/examples/example_server.c:550:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:551:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "{0,%d,%d}", i / 128, i % 128); data/liblscp-0.6.0/examples/example_server.c:560:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < iMidiMaps && strlen(szTemp) < sizeof(szTemp) - 8; i++) { data/liblscp-0.6.0/examples/example_server.c:562:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(szTemp, ","); data/liblscp-0.6.0/examples/example_server.c:563:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szTemp + strlen(szTemp), "%d", i); data/liblscp-0.6.0/examples/example_server.c:820:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return lscp_server_result(pConnect, pszResult, strlen(pszResult)); data/liblscp-0.6.0/examples/example_server.c:865:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchLine = strlen(szLine); data/liblscp-0.6.0/examples/example_server.c:885:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lscp_server_broadcast(pServer, LSCP_EVENT_MISCELLANEOUS, szLine, strlen(szLine)); data/liblscp-0.6.0/examples/server.c:628:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&achBuffer[cchBuffer], pchData, cchData); data/liblscp-0.6.0/src/client.c:59:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(locale->numeric, setlocale(LC_NUMERIC, NULL), 32); data/liblscp-0.6.0/src/client.c:60:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(locale->ctype, setlocale(LC_CTYPE, NULL), 32); data/liblscp-0.6.0/src/client.c:141:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchToken = (pszToken == NULL ? 0 : strlen(pszToken)); data/liblscp-0.6.0/src/client.c:1778:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sprintf(szQuery + strlen(szQuery), "%d", iMidiMap); data/liblscp-0.6.0/src/client.c:2240:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), " '%s'", pszFxName); data/liblscp-0.6.0/src/client.c:2564:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), " '%s'", pszMapName); data/liblscp-0.6.0/src/client.c:2806:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), " '%s'", pszName); data/liblscp-0.6.0/src/client.c:2868:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), "%d", iMidiMap); data/liblscp-0.6.0/src/client.c:2912:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), "%d", iMidiMap); data/liblscp-0.6.0/src/client.c:3051:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(szQuery + strlen(szQuery), "%d", iMidiMap); data/liblscp-0.6.0/src/common.c:157:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cchQuery = strlen(pszQuery); data/liblscp-0.6.0/src/common.c:210:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchBuffer = strlen(pszBuffer); data/liblscp-0.6.0/src/common.c:388:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchSeps = strlen(pszSeps); data/liblscp-0.6.0/src/common.c:480:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchSeps = strlen(pszSeps); data/liblscp-0.6.0/src/common.c:555:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchSeps1 = strlen(pszSeps1); data/liblscp-0.6.0/src/common.c:556:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchSeps2 = strlen(pszSeps2); data/liblscp-0.6.0/src/common.c:1046:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchBuffer = strlen(pszBuffer); data/liblscp-0.6.0/src/common.c:1048:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchParam = strlen(pParams[i].key) + strlen(pParams[i].value) + 4; data/liblscp-0.6.0/src/common.c:1048:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cchParam = strlen(pParams[i].key) + strlen(pParams[i].value) + 4;

ANALYSIS SUMMARY:

Hits = 293
Lines analyzed = 9473 in approximately 0.43 seconds (21920 lines/second)
Physical Source Lines of Code (SLOC) = 5717
Hits@level = [0] 165 [1] 44 [2] 216 [3] 1 [4] 32 [5] 0
Hits@level+ = [0+] 458 [1+] 293 [2+] 249 [3+] 33 [4+] 32 [5+] 0
Hits/KSLOC@level+ = [0+] 80.1119 [1+] 51.2507 [2+] 43.5543 [3+] 5.77226 [4+] 5.59734 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.