stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libreplaygain-1.0~r475/include/replaygain/gain_analysis.h
Examining data/libreplaygain-1.0~r475/src/gain_analysis.c

FINAL RESULTS:

data/libreplaygain-1.0~r475/src/gain_analysis.c:276:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy ( linprebuf + MAX_ORDER, left_samples , num_samples * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:277:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy ( rinprebuf + MAX_ORDER, right_samples, num_samples * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:280:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy ( linprebuf + MAX_ORDER, left_samples,  MAX_ORDER   * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:281:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy ( rinprebuf + MAX_ORDER, right_samples, MAX_ORDER   * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:371:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy  ( linprebuf + MAX_ORDER - num_samples, left_samples,          num_samples             * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:372:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy  ( rinprebuf + MAX_ORDER - num_samples, right_samples,         num_samples             * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:375:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy  ( linprebuf, left_samples  + num_samples - MAX_ORDER, MAX_ORDER * sizeof(Float_t) );
data/libreplaygain-1.0~r475/src/gain_analysis.c:376:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy  ( rinprebuf, right_samples + num_samples - MAX_ORDER, MAX_ORDER * sizeof(Float_t) );

ANALYSIS SUMMARY:

Hits = 8
Lines analyzed = 543 in approximately 0.04 seconds (13914 lines/second)
Physical Source Lines of Code (SLOC) = 357
Hits@level = [0]   0 [1]   0 [2]   8 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   8 [1+]   8 [2+]   8 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 22.409 [1+] 22.409 [2+] 22.409 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.