Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libomxmad-0.1/src/omx_maddec_component.h
Examining data/libomxmad-0.1/src/library_entry_point.c
Examining data/libomxmad-0.1/src/omx_maddec_component.c
FINAL RESULTS:
data/libomxmad-0.1/src/omx_maddec_component.c:730:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (char*) pComponentRole->cRole, AUDIO_DEC_MP3_ROLE);
data/libomxmad-0.1/src/library_entry_point.c:66:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stComponents[0]->name, "OMX.st.audio_decoder.mp3.mad");
data/libomxmad-0.1/src/library_entry_point.c:82:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stComponents[0]->name_specific[0], "OMX.st.audio_decoder.mp3.mad");
data/libomxmad-0.1/src/library_entry_point.c:83:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stComponents[0]->role_specific[0], "audio_decoder.mp3");
data/libomxmad-0.1/src/omx_maddec_component.c:132:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(inPort->sPortParam.format.audio.cMIMEType, "audio/mpeg");
data/libomxmad-0.1/src/omx_maddec_component.c:216:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(omx_maddec_component_Private->ports[OMX_BASE_FILTER_INPUTPORT_INDEX]->sPortParam.format.audio.cMIMEType, "audio/mpeg");
data/libomxmad-0.1/src/omx_maddec_component.c:397:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(omx_maddec_component_Private->temporary_buffer->pBuffer+omx_maddec_component_Private->temporary_buffer->nFilledLen, inputbuffer->pBuffer + inputbuffer->nOffset, tocopy);
data/libomxmad-0.1/src/omx_maddec_component.c:601:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&port->sAudioParam, pAudioPortFormat, sizeof(OMX_AUDIO_PARAM_PORTFORMATTYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:616:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&omx_maddec_component_Private->pAudioPcmMode, pAudioPcmMode, sizeof(OMX_AUDIO_PARAM_PCMMODETYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:648:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&omx_maddec_component_Private->pAudioMp3, pAudioMp3, sizeof(OMX_AUDIO_PARAM_MP3TYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:686:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ComponentParameterStructure, &omx_maddec_component_Private->sPortTypesParam[OMX_PortDomainAudio], sizeof(OMX_PORT_PARAM_TYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:696:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pAudioPortFormat, &port->sAudioParam, sizeof(OMX_AUDIO_PARAM_PORTFORMATTYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:710:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pAudioPcmMode, &omx_maddec_component_Private->pAudioPcmMode, sizeof(OMX_AUDIO_PARAM_PCMMODETYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:721:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pAudioMp3, &omx_maddec_component_Private->pAudioMp3, sizeof(OMX_AUDIO_PARAM_MP3TYPE));
data/libomxmad-0.1/src/omx_maddec_component.c:732:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( (char*) pComponentRole->cRole,"\0");;
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 990 in approximately 0.07 seconds (14331 lines/second)
Physical Source Lines of Code (SLOC) = 644
Hits@level = [0] 0 [1] 1 [2] 13 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 14 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 23.2919 [1+] 23.2919 [2+] 21.7391 [3+] 1.5528 [4+] 1.5528 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.