stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmad-0.15.1b/mad.h
Examining data/libmad-0.15.1b/version.c
Examining data/libmad-0.15.1b/fixed.c
Examining data/libmad-0.15.1b/bit.c
Examining data/libmad-0.15.1b/timer.c
Examining data/libmad-0.15.1b/stream.c
Examining data/libmad-0.15.1b/frame.c
Examining data/libmad-0.15.1b/synth.c
Examining data/libmad-0.15.1b/decoder.c
Examining data/libmad-0.15.1b/layer12.c
Examining data/libmad-0.15.1b/layer3.c
Examining data/libmad-0.15.1b/huffman.c
Examining data/libmad-0.15.1b/version.h
Examining data/libmad-0.15.1b/fixed.h
Examining data/libmad-0.15.1b/bit.h
Examining data/libmad-0.15.1b/timer.h
Examining data/libmad-0.15.1b/stream.h
Examining data/libmad-0.15.1b/frame.h
Examining data/libmad-0.15.1b/synth.h
Examining data/libmad-0.15.1b/decoder.h
Examining data/libmad-0.15.1b/global.h
Examining data/libmad-0.15.1b/layer12.h
Examining data/libmad-0.15.1b/layer3.h
Examining data/libmad-0.15.1b/huffman.h
Examining data/libmad-0.15.1b/minimad.c
Examining data/libmad-0.15.1b/msvc++/mad.h
Examining data/libmad-0.15.1b/msvc++/config.h

FINAL RESULTS:

data/libmad-0.15.1b/timer.c:426:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(dest, format,
data/libmad-0.15.1b/timer.c:436:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(dest, format,
data/libmad-0.15.1b/timer.c:443:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(dest, format,
data/libmad-0.15.1b/timer.c:482:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(dest, format, mad_timer_count(timer, units), sub);
data/libmad-0.15.1b/decoder.c:250:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char sink[256];
data/libmad-0.15.1b/layer12.c:108:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char allocation[2][32], scalefactor[2][32];
data/libmad-0.15.1b/layer12.c:220:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char const offsets[30];
data/libmad-0.15.1b/layer12.c:255:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char const offset_table[6][15] = {
data/libmad-0.15.1b/layer12.c:337:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char allocation[2][32], scfsi[2][32], scalefactor[2][32][3];
data/libmad-0.15.1b/layer3.c:66:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char scfsi[2];
data/libmad-0.15.1b/layer3.c:78:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char table_select[3];
data/libmad-0.15.1b/layer3.c:79:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char subblock_gain[3];
data/libmad-0.15.1b/layer3.c:84:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char scalefac[39];	/* scalefac_l and/or scalefac_s */
data/libmad-0.15.1b/layer3.c:109:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char const nsfb_table[6][3][4] = {
data/libmad-0.15.1b/layer3.c:323:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char const pretab[22] = {
data/libmad-0.15.1b/layer3.c:813:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		   unsigned char const *sfbwidth, signed int exponents[39])
data/libmad-0.15.1b/layer3.c:1282:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		 unsigned char const sfbwidth[39])
data/libmad-0.15.1b/layer3.c:1320:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&xr[18 * sb], &tmp[sb], (576 - 18 * sb) * sizeof(mad_fixed_t));
data/libmad-0.15.1b/layer3.c:2378:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char const *sfbwidth[2];
data/libmad-0.15.1b/layer3.c:2635:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*stream->main_data + stream->md_len,
data/libmad-0.15.1b/layer3.c:2671:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*stream->main_data,
data/libmad-0.15.1b/layer3.c:2692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*stream->main_data + stream->md_len,
data/libmad-0.15.1b/mad.h:712:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char (*main_data)[MAD_BUFFER_MDLEN];
data/libmad-0.15.1b/msvc++/mad.h:696:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char (*main_data)[MAD_BUFFER_MDLEN];
data/libmad-0.15.1b/stream.h:76:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char (*main_data)[MAD_BUFFER_MDLEN];
data/libmad-0.15.1b/decoder.c:157:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      count = read(fd, ptr, len);

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 12866 in approximately 0.38 seconds (34196 lines/second)
Physical Source Lines of Code (SLOC) = 8708
Hits@level = [0]   6 [1]   1 [2]  21 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  32 [1+]  26 [2+]  25 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 3.67478 [1+] 2.98576 [2+] 2.87092 [3+] 0.459348 [4+] 0.459348 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.