Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libogg-1.3.2/include/ogg/ogg.h
Examining data/libogg-1.3.2/include/ogg/os_types.h
Examining data/libogg-1.3.2/src/bitwise.c
Examining data/libogg-1.3.2/src/framing.c

FINAL RESULTS:

data/libogg-1.3.2/include/ogg/ogg.h:69:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char header[282]; /* working space for header encode */
data/libogg-1.3.2/src/framing.c:355:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(os->body_data+os->body_fill, iov[i].iov_base, iov[i].iov_len);
data/libogg-1.3.2/src/framing.c:445:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(os->header,"OggS",4);
data/libogg-1.3.2/src/framing.c:706:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char chksum[4];
data/libogg-1.3.2/src/framing.c:709:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(chksum,page+22,4);
data/libogg-1.3.2/src/framing.c:724:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(page+22,chksum,4);
data/libogg-1.3.2/src/framing.c:894:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(os->body_data+os->body_fill,body,bodysize);
data/libogg-1.3.2/src/framing.c:1144:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(temp,og->header,og->header_len);
data/libogg-1.3.2/src/framing.c:1148:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(temp,og->body,og->body_len);
data/libogg-1.3.2/src/framing.c:1568:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(next,og.header,byteskipcount-byteskip);
data/libogg-1.3.2/src/framing.c:1575:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(next,og.body,byteskipcount-byteskip);
data/libogg-1.3.2/src/framing.c:1852:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[i].header_len),og[i].header,
data/libogg-1.3.2/src/framing.c:1855:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[i].body_len),og[i].body,og[i].body_len);
data/libogg-1.3.2/src/framing.c:1901:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[i].header_len),og[i].header,
data/libogg-1.3.2/src/framing.c:1904:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[i].body_len),og[i].body,og[i].body_len);
data/libogg-1.3.2/src/framing.c:1954:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header,
data/libogg-1.3.2/src/framing.c:1960:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header+3,
data/libogg-1.3.2/src/framing.c:1966:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header+23,
data/libogg-1.3.2/src/framing.c:1973:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header+28,
data/libogg-1.3.2/src/framing.c:1978:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,1000);
data/libogg-1.3.2/src/framing.c:1982:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body+1000,
data/libogg-1.3.2/src/framing.c:1996:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header,
data/libogg-1.3.2/src/framing.c:2000:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,
data/libogg-1.3.2/src/framing.c:2004:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header,
data/libogg-1.3.2/src/framing.c:2010:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header+20,
data/libogg-1.3.2/src/framing.c:2013:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,
data/libogg-1.3.2/src/framing.c:2028:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,
data/libogg-1.3.2/src/framing.c:2032:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header,
data/libogg-1.3.2/src/framing.c:2036:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,
data/libogg-1.3.2/src/framing.c:2040:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].header_len),og[2].header,
data/libogg-1.3.2/src/framing.c:2047:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].header_len),og[2].header+20,
data/libogg-1.3.2/src/framing.c:2050:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].body_len),og[2].body,
data/libogg-1.3.2/src/framing.c:2064:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].header_len),og[1].header,
data/libogg-1.3.2/src/framing.c:2068:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[1].body_len),og[1].body,
data/libogg-1.3.2/src/framing.c:2072:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].header_len),og[2].header,
data/libogg-1.3.2/src/framing.c:2076:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].header_len),og[2].header,
data/libogg-1.3.2/src/framing.c:2082:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[2].body_len),og[2].body,
data/libogg-1.3.2/src/framing.c:2086:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[3].header_len),og[3].header,
data/libogg-1.3.2/src/framing.c:2090:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ogg_sync_buffer(&oy,og[3].body_len),og[3].body,

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 3556 in approximately 0.43 seconds (8179 lines/second)
Physical Source Lines of Code (SLOC) = 2637
Hits@level = [0] 128 [1] 0 [2] 39 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 167 [1+] 39 [2+] 39 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 63.3295 [1+] 14.7895 [2+] 14.7895 [3+] 0 [4+] 0 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.