Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmysofa-1.1~dfsg1/src/hdf/btree.c
Examining data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c
Examining data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c
Examining data/libmysofa-1.1~dfsg1/src/hdf/gcol.c
Examining data/libmysofa-1.1~dfsg1/src/hdf/gunzip.c
Examining data/libmysofa-1.1~dfsg1/src/hdf/reader.h
Examining data/libmysofa-1.1~dfsg1/src/hdf/superblock.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/cache.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/check.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/easy.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/interpolate.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.h
Examining data/libmysofa-1.1~dfsg1/src/hrtf/lookup.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/loudness.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/minphase.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/mysofa.h
Examining data/libmysofa-1.1~dfsg1/src/hrtf/neighbors.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/reader.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/resample.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/spherical.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/tools.c
Examining data/libmysofa-1.1~dfsg1/src/hrtf/tools.h
Examining data/libmysofa-1.1~dfsg1/src/resampler/arch.h
Examining data/libmysofa-1.1~dfsg1/src/resampler/speex_resampler.c
Examining data/libmysofa-1.1~dfsg1/src/resampler/speex_resampler.h
Examining data/libmysofa-1.1~dfsg1/src/resampler/stack_alloc.h
Examining data/libmysofa-1.1~dfsg1/src/tests/cache.c
Examining data/libmysofa-1.1~dfsg1/src/tests/check.c
Examining data/libmysofa-1.1~dfsg1/src/tests/easy.c
Examining data/libmysofa-1.1~dfsg1/src/tests/external.c
Examining data/libmysofa-1.1~dfsg1/src/tests/internal.c
Examining data/libmysofa-1.1~dfsg1/src/tests/interpolate.c
Examining data/libmysofa-1.1~dfsg1/src/tests/json.c
Examining data/libmysofa-1.1~dfsg1/src/tests/json.h
Examining data/libmysofa-1.1~dfsg1/src/tests/lookup.c
Examining data/libmysofa-1.1~dfsg1/src/tests/loudness.c
Examining data/libmysofa-1.1~dfsg1/src/tests/minphase.c
Examining data/libmysofa-1.1~dfsg1/src/tests/multithread.c
Examining data/libmysofa-1.1~dfsg1/src/tests/neighbors.c
Examining data/libmysofa-1.1~dfsg1/src/tests/resample.c
Examining data/libmysofa-1.1~dfsg1/src/tests/sofa2json.c
Examining data/libmysofa-1.1~dfsg1/src/tests/tests.h
Examining data/libmysofa-1.1~dfsg1/src/tests/tools.c
Examining data/libmysofa-1.1~dfsg1/src/tests/user_defined_variable.c

FINAL RESULTS:

data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:814:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(data->string, buffer);
data/libmysofa-1.1~dfsg1/src/hrtf/mysofa.h:25:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, __VA_ARGS__); \
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:151:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(var->name, dataobject->name);
data/libmysofa-1.1~dfsg1/src/tests/sofa2json.c:72:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((opt = getopt(argc, argv, "cs")) != -1) {
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:301:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[256];
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:740:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *buffer, number[16];
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:802:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(number, "REF%08lX", (long unsigned int)reference);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:23:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5], *name, *value;
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:420:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:537:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/gcol.c:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[5];
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:151:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[8];
data/libmysofa-1.1~dfsg1/src/hrtf/check.c:146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(receiverPositions, hrtf->ReceiverPosition.values,
data/libmysofa-1.1~dfsg1/src/hrtf/easy.c:176:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(c, easy->hrtf->SourcePosition.values + nearest * easy->hrtf->C,
data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.c:119:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(node->pos, pos, DIM * sizeof *node->pos);
data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.c:221:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&rect, kd->rect, sizeof(struct kdhyperrect));
data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.c:250:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(rect->min, min, size);
data/libmysofa-1.1~dfsg1/src/hrtf/kdtree.c:251:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(rect->max, max, size);
data/libmysofa-1.1~dfsg1/src/hrtf/lookup.c:46:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(origin, hrtf->SourcePosition.values + i * hrtf->C,
data/libmysofa-1.1~dfsg1/src/hrtf/neighbors.c:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(origin, hrtf->SourcePosition.values + i * hrtf->C,
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:83:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    *dim = atoi(p);
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:292:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    reader.fhd = fopen(filename, "rb");
data/libmysofa-1.1~dfsg1/src/hrtf/tools.c:20:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(copy, str, size);
data/libmysofa-1.1~dfsg1/src/tests/easy.c:157:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file = fopen("/tmp/easy.tmp.json", "w");
data/libmysofa-1.1~dfsg1/src/tests/neighbors.c:45:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(c, hrtf->SourcePosition.values + i * hrtf->C,
data/libmysofa-1.1~dfsg1/src/tests/neighbors.c:55:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(C, hrtf->SourcePosition.values + res[j] * hrtf->C,
data/libmysofa-1.1~dfsg1/src/tests/tools.c:7:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dst, src, sizeof(float) * 3);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:91:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:96:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    type = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:120:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:131:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:169:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:174:26:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    btree->type = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:179:35:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    btree->split_percent = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:180:35:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    btree->merge_percent = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:245:24:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    node_type = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/btree.c:246:25:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    node_level = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:98:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ds->type = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:125:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int version = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:127:33:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ds->dimensionality = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:133:24:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ds->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:161:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:167:24:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    li->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:201:36:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dt->class_and_version = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:227:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dt->u.f.exponent_location = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:228:38:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dt->u.f.exponent_size = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:229:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dt->u.f.mantissa_location = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:230:38:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dt->u.f.mantissa_size = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:266:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:278:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c |= fgetc(reader->fhd) << (8 * j);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:306:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    res = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:317:25:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int dimension = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:373:29:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int spaceAllocationTime = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:374:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int fillValueWriteTime = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:375:26:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int fillValueDefined = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:398:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:411:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int version = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:472:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 3) {
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:479:27:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    layout_class = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:516:31:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dimensionality = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:579:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:586:24:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    gi->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:711:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    filterversion = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:713:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    filters = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:812:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    realloc(data->string, strlen(data->string) + strlen(buffer) + 2);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:812:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    realloc(data->string, strlen(data->string) + strlen(buffer) + 2);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:813:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(data->string, ",");
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:920:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int version = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:929:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:935:25:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    encoding = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1025:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1030:24:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ai->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1060:44:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    uint8_t header_message_type = (uint8_t)fgetc(fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1062:45:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    uint8_t header_message_flags = (uint8_t)fgetc(fhd);
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1184:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 2) {
data/libmysofa-1.1~dfsg1/src/hdf/dataobject.c:1189:32:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dataobject->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:53:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:110:31:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    typeandversion = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:170:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(value, "");
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:201:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    len = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:320:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int c = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:434:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:547:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0) {
data/libmysofa-1.1~dfsg1/src/hdf/fractalhead.c:556:33:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fractalheap->flags = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/gcol.c:32:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 1) {
data/libmysofa-1.1~dfsg1/src/hdf/gcol.c:36:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) < 0 || fgetc(reader->fhd) < 0 ||
data/libmysofa-1.1~dfsg1/src/hdf/gcol.c:36:33:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) < 0 || fgetc(reader->fhd) < 0 ||
data/libmysofa-1.1~dfsg1/src/hdf/gcol.c:37:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fgetc(reader->fhd) < 0)
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:21:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    superblock->size_of_offsets = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:22:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    superblock->size_of_lengths = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:23:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) < 0) /* File Consistency Flags */
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:69:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) !=
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:73:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) !=
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:77:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0)
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:80:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) !=
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:84:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    superblock->size_of_offsets = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:85:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    superblock->size_of_lengths = (uint8_t)fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:87:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (fgetc(reader->fhd) != 0)
data/libmysofa-1.1~dfsg1/src/hdf/superblock.c:162:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int version = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:30:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:35:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    c = fgetc(reader->fhd);
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:78:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *p = attr->value + strlen(attr->value) - 1;
data/libmysofa-1.1~dfsg1/src/hrtf/reader.c:145:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    var->name = malloc(strlen(dataobject->name) + 1);
data/libmysofa-1.1~dfsg1/src/hrtf/tools.c:17:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(str) + 1;

ANALYSIS SUMMARY:

Hits = 109
Lines analyzed = 8222 in approximately 0.27 seconds (30091 lines/second)
Physical Source Lines of Code (SLOC) = 5870
Hits@level = [0] 112 [1]  77 [2]  28 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+] 221 [1+] 109 [2+]  32 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 37.6491 [1+] 18.569 [2+] 5.45145 [3+] 0.681431 [4+] 0.511073 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
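Triage note on the 77 level-1 fgetc hits. Flawfinder's rule text talks about loops, but what the listed lines actually show is a pattern worth checking by hand: most of them store `(uint8_t)fgetc(reader->fhd)` straight into a size, flag or type field. fgetc returns EOF (-1) on a truncated or unreadable file, and the cast turns that into 0xFF, so a short file is read as a record with the maximum value in that field instead of being rejected. A few of the hits (gcol.c:36-37, superblock.c:23) do test `< 0` before using the byte; the rest, as shown, do not. The several `char buf[5]` / `char buf[8]` hits are consistent with fixed-width signature reads and are only a problem if the read is not bounded to the array. The example below is added here and is not libmysofa code; the `DEMO` record layout, `read_u8`, `read_exact` and `parse_demo_header` are invented for the illustration. It shows a byte reader that propagates EOF as an error, a signature read bounded to its array, and a parser that fails closed on truncation, using a constructed in-memory file.

```c
/* Added example: EOF-aware byte reads for a binary container parser.
 * Not libmysofa code; the DEMO record layout below is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one byte. Returns 0 on success, -1 on EOF or I/O error, so the caller
 * never sees EOF silently truncated to 0xFF by a (uint8_t) cast. */
static int read_u8(FILE *f, uint8_t *out) {
    int c = fgetc(f);
    if (c == EOF)
        return -1;
    *out = (uint8_t)c;
    return 0;
}

/* Read exactly n bytes into buf with one bounded fread; -1 on short read. */
static int read_exact(FILE *f, void *buf, size_t n) {
    return fread(buf, 1, n, f) == n ? 0 : -1;
}

/* Hypothetical record: 4-byte signature "DEMO", version byte, flags byte,
 * one-byte payload length, then `length` payload bytes. */
struct demo_header {
    uint8_t version;
    uint8_t flags;
    uint8_t length;
    uint8_t payload[255];   /* large enough for any one-byte length */
};

/* Returns 0 on success, -1 on truncation or I/O error, -2 on a bad
 * signature, -3 on an unsupported version. Nothing in *h is trusted
 * until the function has returned 0. */
int parse_demo_header(FILE *f, struct demo_header *h) {
    char sig[4];                               /* bounded: exactly 4 bytes */
    if (read_exact(f, sig, sizeof sig) != 0)
        return -1;
    if (memcmp(sig, "DEMO", sizeof sig) != 0)
        return -2;
    if (read_u8(f, &h->version) != 0 ||
        read_u8(f, &h->flags) != 0 ||
        read_u8(f, &h->length) != 0)
        return -1;                             /* EOF inside the header */
    if (h->version != 1)
        return -3;
    /* length is at most 255, so this can never overrun payload[]. */
    if (read_exact(f, h->payload, h->length) != 0)
        return -1;                             /* payload shorter than declared */
    return 0;
}

/* Demo helper: run the parser over a constructed byte string by staging it
 * in a standard-C temporary file. Returns the parser's result, -99 if the
 * staging itself fails. */
int parse_demo_bytes(const unsigned char *data, size_t len, struct demo_header *h) {
    FILE *f = tmpfile();
    if (!f)
        return -99;
    if (len > 0 && fwrite(data, 1, len, f) != len) {
        fclose(f);
        return -99;
    }
    rewind(f);
    int rc = parse_demo_header(f, h);
    fclose(f);
    return rc;
}

int main(void) {
    /* Constructed inputs: a valid record, one cut off mid-payload, one with
     * a foreign signature. */
    static const unsigned char good[]   = { 'D','E','M','O', 1, 0x02, 3, 'a','b','c' };
    static const unsigned char trunc[]  = { 'D','E','M','O', 1, 0x02, 3, 'a' };
    static const unsigned char badsig[] = { 'H','D','F', 0x0d, 1, 0x00, 0 };
    struct demo_header h;
    printf("good=%d truncated=%d badsig=%d\n",
           parse_demo_bytes(good, sizeof good, &h),
           parse_demo_bytes(trunc, sizeof trunc, &h),
           parse_demo_bytes(badsig, sizeof badsig, &h));
    return 0;
}
```

The same shape applies to the multi-byte reads in the report (for example the `c |= fgetc(reader->fhd) << (8 * j)` loop at dataobject.c:278): read into an `int`, test for EOF, then assemble, rather than assembling first and checking afterwards.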
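Triage note on the level-4 strcat hit and its neighbours (dataobject.c:812-814, plus the sprintf at 802 into `number[16]`). The realloc size shown, `strlen(data->string) + strlen(buffer) + 2`, accounts for the comma and the terminator, so the two strcat calls are not by themselves an overflow; what the report cannot show is whether realloc's return value is checked before the strcat, and a NULL there is a write through a null pointer, not an overflow. For the sprintf, "REF%08lX" with a 64-bit `unsigned long` can produce 19 characters plus a terminator, which does not fit 16 bytes; whether `reference` can ever be that large is not visible in the report. The example below is added here and is not libmysofa code; `strbuf`, `strbuf_append_csv` and `build_ref_list` are names invented for it. It shows the same join operation done with explicit length tracking, a checked realloc that leaves the old buffer intact on failure, and snprintf with a truncation check in place of sprintf.

```c
/* Added example: growable comma-joined string without strcat.
 * Not libmysofa code; names and layout are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct strbuf {
    char *data;   /* NUL-terminated whenever data != NULL */
    size_t len;   /* bytes before the terminator */
    size_t cap;   /* allocated bytes, terminator included */
};

/* Append `piece`, preceded by a comma when the buffer is non-empty.
 * Returns 0 on success, -1 on size overflow or allocation failure; on
 * failure the existing contents are untouched and still valid. */
int strbuf_append_csv(struct strbuf *sb, const char *piece) {
    size_t plen = strlen(piece);
    size_t sep = sb->len ? 1 : 0;
    if (plen > SIZE_MAX - sb->len - sep - 1)       /* guard the size arithmetic */
        return -1;
    size_t need = sb->len + sep + plen + 1;
    if (need > sb->cap) {
        size_t ncap = sb->cap ? sb->cap : 16;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) { ncap = need; break; }
            ncap *= 2;
        }
        char *p = realloc(sb->data, ncap);
        if (!p)
            return -1;                             /* sb->data is still the old block */
        sb->data = p;
        sb->cap = ncap;
    }
    if (sep)
        sb->data[sb->len++] = ',';
    memcpy(sb->data + sb->len, piece, plen);       /* explicit length, no strcat */
    sb->len += plen;
    sb->data[sb->len] = '\0';
    return 0;
}

void strbuf_free(struct strbuf *sb) {
    free(sb->data);
    sb->data = NULL;
    sb->len = sb->cap = 0;
}

/* Demo: format reference IDs the way the scanned "REF%08lX" fragment does
 * and join them into `out`. Returns the resulting length, or -1 if any
 * formatted value would not fit the 16-byte scratch buffer, allocation
 * fails, or the result would not fit `out`. */
int build_ref_list(char *out, size_t outsz, const unsigned long *refs, size_t n) {
    struct strbuf sb = { NULL, 0, 0 };
    char number[16];
    int result = -1;
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(number, sizeof number, "REF%08lX", refs[i]);
        if (w < 0 || (size_t)w >= sizeof number)
            goto done;                             /* truncated: reject, do not use */
        if (strbuf_append_csv(&sb, number) != 0)
            goto done;
    }
    if (sb.len + 1 > outsz)
        goto done;
    memcpy(out, sb.data ? sb.data : "", sb.len + 1);
    result = (int)sb.len;
done:
    strbuf_free(&sb);
    return result;
}

int main(void) {
    /* Constructed input. */
    const unsigned long refs[] = { 0x1UL, 0xCAFEUL, 0xFFFFFFFFUL };
    char out[64];
    int n = build_ref_list(out, sizeof out, refs, 3);
    printf("%d: %s\n", n, n >= 0 ? out : "(error)");
    return 0;
}
```

On a platform with 64-bit `unsigned long`, passing `(unsigned long)-1` makes `build_ref_list` return -1 because the formatted value needs 19 characters; the sprintf in the report would instead write past `number[16]` for such a value.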
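Triage note on the atoi hit (hrtf/reader.c:83, `*dim = atoi(p);`). atoi has no error return, accepts trailing garbage, and its behaviour on a value outside the range of `int` is undefined, so a dimension taken from file content cannot be range-checked after the fact. The example below is added here and is not libmysofa code; `parse_bounded_int` is a name invented for it. It shows the strtol replacement a reviewer would ask for: detect "no digits", reject trailing characters, catch ERANGE, and enforce the caller's minimum and maximum before the value is stored.

```c
/* Added example: strtol-based replacement for atoi on untrusted text.
 * Not libmysofa code; the function name is hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal integer that must lie in [lo, hi].
 * Returns 0 and stores the value on success,
 *        -1 if the text has no digits or has trailing garbage,
 *        -2 if the value is outside [lo, hi] or not representable in long.
 * *out is untouched on failure. */
int parse_bounded_int(const char *s, long lo, long hi, long *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s)
        return -1;                                 /* "" or "abc": nothing parsed */
    while (isspace((unsigned char)*end))
        end++;                                     /* tolerate trailing whitespace only */
    if (*end != '\0')
        return -1;                                 /* "12abc" */
    if (errno == ERANGE || v < lo || v > hi)
        return -2;                                 /* overflow or outside caller's bounds */
    *out = v;
    return 0;
}

int main(void) {
    /* Constructed inputs covering the cases atoi cannot distinguish. */
    const char *inputs[] = { "128", "  42", "-5", "12abc", "", "99999999999999999999999" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long dim;
        int rc = parse_bounded_int(inputs[i], 1, 65536, &dim);
        if (rc == 0)
            printf("\"%s\" -> %ld\n", inputs[i], dim);
        else
            printf("\"%s\" -> rejected (%d)\n", inputs[i], rc);
    }
    return 0;
}
```

The bounds belong to the caller: a dimension used later as an allocation size or loop limit gets the limit the surrounding code can actually honour, not `LONG_MAX`.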