Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libspctag-0.2/src/spctag.c
Examining data/libspctag-0.2/src/constants.h
Examining data/libspctag-0.2/src/spctag.h
Examining data/libspctag-0.2/test/test.c
FINAL RESULTS:
data/libspctag-0.2/test/test.c:48:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( song_title, spctag_get_songtitle() );
data/libspctag-0.2/test/test.c:49:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( game_title, spctag_get_gametitle() );
data/libspctag-0.2/test/test.c:50:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dumper_name, spctag_get_dumpername() );
data/libspctag-0.2/test/test.c:51:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( comments, spctag_get_comments() );
data/libspctag-0.2/test/test.c:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dump_date, spctag_get_dumpdate() );
data/libspctag-0.2/test/test.c:53:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( length, spctag_get_length() );
data/libspctag-0.2/test/test.c:54:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( fade_length, spctag_get_fadelength() );
data/libspctag-0.2/test/test.c:55:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( artist, spctag_get_artist() );
data/libspctag-0.2/test/test.c:56:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( channels, spctag_get_defaultchannels() );
data/libspctag-0.2/test/test.c:57:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( emulator, spctag_get_emulator() );
data/libspctag-0.2/src/spctag.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char song_title[SPCTAG_SONGTITLE_LENGTH+1];
data/libspctag-0.2/src/spctag.c:33:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char game_title[SPCTAG_GAMETITLE_LENGTH+1];
data/libspctag-0.2/src/spctag.c:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumper_name[SPCTAG_DUMPERNAME_LENGTH+1];
data/libspctag-0.2/src/spctag.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[SPCTAG_COMMENTS_LENGTH+1];
data/libspctag-0.2/src/spctag.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump_date[SPCTAG_DUMPDATE_TXT_LENGTH+1];
data/libspctag-0.2/src/spctag.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char length[SPCTAG_LENGTH_LENGTH+1];
data/libspctag-0.2/src/spctag.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fade_length[SPCTAG_FADELENGTH_TXT_LENGTH+1];
data/libspctag-0.2/src/spctag.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char artist[SPCTAG_ARTIST_LENGTH+1];
data/libspctag-0.2/src/spctag.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channels[9];
data/libspctag-0.2/src/spctag.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[SPCTAG_FILE_HEADER_LENGTH+1]; // SPC file header
data/libspctag-0.2/src/spctag.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_tag[SPCTAG_TEST_LENGTH+1];
data/libspctag-0.2/src/spctag.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dump_date, "%.2d/%.2d/%.4u", spctag_tags_bin->dump_month, spctag_tags_bin->dump_day, *(unsigned*)spctag_tags_bin->dump_year );
data/libspctag-0.2/src/spctag.c:226:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( length, "%u", bin_length );
data/libspctag-0.2/src/spctag.c:241:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( fade_length, "%u", bin_fadelength );
data/libspctag-0.2/src/spctag.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day_string[3];
data/libspctag-0.2/src/spctag.c:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month_string[3];
data/libspctag-0.2/src/spctag.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char year_string[5];
data/libspctag-0.2/src/spctag.c:345:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi( day_string ) & 0xFF;
data/libspctag-0.2/src/spctag.c:346:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
month = atoi( month_string ) & 0xFF;
data/libspctag-0.2/src/spctag.c:347:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi( year_string );
data/libspctag-0.2/src/spctag.c:362:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned length = (unsigned)atoi( new_length );
data/libspctag-0.2/src/spctag.c:378:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned fadelength = (unsigned)atoi( new_fadelength );
data/libspctag-0.2/src/spctag.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char song_title[SPCTAG_SONGTITLE_LENGTH]; // Song title
data/libspctag-0.2/src/spctag.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char game_title[SPCTAG_GAMETITLE_LENGTH]; // Game title
data/libspctag-0.2/src/spctag.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumper_name[SPCTAG_DUMPERNAME_LENGTH]; // Name of dumper
data/libspctag-0.2/src/spctag.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[SPCTAG_COMMENTS_LENGTH]; // Comments
data/libspctag-0.2/src/spctag.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump_date[SPCTAG_DUMPDATE_TXT_LENGTH]; // Date SPC was dumped (MM/DD/YYYY)
data/libspctag-0.2/src/spctag.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char length[SPCTAG_LENGTH_LENGTH]; // Number of seconds to play song before fading out
data/libspctag-0.2/src/spctag.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fade_length[SPCTAG_FADELENGTH_TXT_LENGTH]; // Length of fade in milliseconds
data/libspctag-0.2/src/spctag.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char artist[SPCTAG_ARTIST_LENGTH]; // Artist of song
data/libspctag-0.2/src/spctag.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[45];
data/libspctag-0.2/src/spctag.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char song_title[SPCTAG_SONGTITLE_LENGTH]; // Song title
data/libspctag-0.2/src/spctag.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char game_title[SPCTAG_GAMETITLE_LENGTH]; // Game title
data/libspctag-0.2/src/spctag.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumper_name[SPCTAG_DUMPERNAME_LENGTH]; // Name of dumper
data/libspctag-0.2/src/spctag.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[SPCTAG_COMMENTS_LENGTH]; // Comments
data/libspctag-0.2/src/spctag.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump_year[SPCTAG_DUMPYEAR_BIN_LENGTH]; // Year SPC was dumped
data/libspctag-0.2/src/spctag.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused[7];
data/libspctag-0.2/src/spctag.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char length[SPCTAG_LENGTH_LENGTH]; // Number of seconds to play song before fading out
data/libspctag-0.2/src/spctag.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fade_length[SPCTAG_FADELENGTH_BIN_LENGTH]; // Length of fade in milliseconds
data/libspctag-0.2/src/spctag.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char artist[SPCTAG_ARTIST_LENGTH]; // Artist of song
data/libspctag-0.2/src/spctag.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[46];
data/libspctag-0.2/test/test.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char song_title[SPCTAG_SONGTITLE_LENGTH+1];
data/libspctag-0.2/test/test.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char game_title[SPCTAG_GAMETITLE_LENGTH+1];
data/libspctag-0.2/test/test.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumper_name[SPCTAG_DUMPERNAME_LENGTH+1];
data/libspctag-0.2/test/test.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[SPCTAG_COMMENTS_LENGTH+1];
data/libspctag-0.2/test/test.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump_date[SPCTAG_DUMPDATE_TXT_LENGTH+1];
data/libspctag-0.2/test/test.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char length[SPCTAG_LENGTH_LENGTH+1];
data/libspctag-0.2/test/test.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fade_length[SPCTAG_FADELENGTH_BIN_LENGTH+1];
data/libspctag-0.2/test/test.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char artist[SPCTAG_ARTIST_LENGTH+1];
data/libspctag-0.2/test/test.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channels[9];
data/libspctag-0.2/test/test.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emulator[20];
data/libspctag-0.2/test/test.c:32:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( spc_file = fopen( argv[1], "r+b" ) ) == NULL ) {
data/libspctag-0.2/src/spctag.c:129:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
has_tag = fgetc( file );
data/libspctag-0.2/src/spctag.c:158:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( song_title, spctag_tags_txt->song_title, SPCTAG_SONGTITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:160:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( song_title, spctag_tags_bin->song_title, SPCTAG_SONGTITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:170:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( game_title, spctag_tags_txt->game_title, SPCTAG_GAMETITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:172:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( game_title, spctag_tags_bin->game_title, SPCTAG_GAMETITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:182:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dumper_name, spctag_tags_txt->dumper_name, SPCTAG_DUMPERNAME_LENGTH );
data/libspctag-0.2/src/spctag.c:184:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dumper_name, spctag_tags_bin->dumper_name, SPCTAG_DUMPERNAME_LENGTH );
data/libspctag-0.2/src/spctag.c:194:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( comments, spctag_tags_txt->comments, SPCTAG_COMMENTS_LENGTH );
data/libspctag-0.2/src/spctag.c:196:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( comments, spctag_tags_bin->comments, SPCTAG_COMMENTS_LENGTH );
data/libspctag-0.2/src/spctag.c:206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dump_date, spctag_tags_txt->dump_date, SPCTAG_DUMPDATE_TXT_LENGTH );
data/libspctag-0.2/src/spctag.c:222:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( length, spctag_tags_txt->length, SPCTAG_LENGTH_LENGTH );
data/libspctag-0.2/src/spctag.c:225:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( (char*)&bin_length, spctag_tags_bin->length, SPCTAG_LENGTH_LENGTH );
data/libspctag-0.2/src/spctag.c:237:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( fade_length, spctag_tags_txt->fade_length, SPCTAG_FADELENGTH_TXT_LENGTH );
data/libspctag-0.2/src/spctag.c:240:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( (char*)&bin_fadelength, spctag_tags_bin->fade_length, SPCTAG_FADELENGTH_BIN_LENGTH );
data/libspctag-0.2/src/spctag.c:252:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( artist, spctag_tags_txt->artist, SPCTAG_ARTIST_LENGTH );
data/libspctag-0.2/src/spctag.c:254:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( artist, spctag_tags_bin->artist, SPCTAG_ARTIST_LENGTH );
data/libspctag-0.2/src/spctag.c:293:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->song_title, new_songtitle, SPCTAG_SONGTITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:295:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->song_title, new_songtitle, SPCTAG_SONGTITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:303:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->game_title, new_gametitle, SPCTAG_GAMETITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:305:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->game_title, new_gametitle, SPCTAG_GAMETITLE_LENGTH );
data/libspctag-0.2/src/spctag.c:313:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->dumper_name, new_dumpername, SPCTAG_DUMPERNAME_LENGTH );
data/libspctag-0.2/src/spctag.c:315:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->dumper_name, new_dumpername, SPCTAG_DUMPERNAME_LENGTH );
data/libspctag-0.2/src/spctag.c:323:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->comments, new_comments, SPCTAG_COMMENTS_LENGTH );
data/libspctag-0.2/src/spctag.c:325:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->comments, new_comments, SPCTAG_COMMENTS_LENGTH );
data/libspctag-0.2/src/spctag.c:333:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->dump_date, new_dumdate, SPCTAG_DUMPDATE_TXT_LENGTH );
data/libspctag-0.2/src/spctag.c:341:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( day_string, new_dumdate+3, 2 );
data/libspctag-0.2/src/spctag.c:342:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( month_string, new_dumdate, 2 );
data/libspctag-0.2/src/spctag.c:343:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( year_string, new_dumdate+6, 4 );
data/libspctag-0.2/src/spctag.c:351:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->dump_year, (char*)&year, SPCTAG_DUMPYEAR_BIN_LENGTH );
data/libspctag-0.2/src/spctag.c:360:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->length, new_length, SPCTAG_LENGTH_LENGTH );
data/libspctag-0.2/src/spctag.c:367:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->length, (char*)&length, SPCTAG_LENGTH_LENGTH );
data/libspctag-0.2/src/spctag.c:376:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->fade_length, new_fadelength, SPCTAG_FADELENGTH_TXT_LENGTH );
data/libspctag-0.2/src/spctag.c:383:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->fade_length, (char*)&fadelength, SPCTAG_FADELENGTH_BIN_LENGTH);
data/libspctag-0.2/src/spctag.c:392:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_txt->artist, new_artist, SPCTAG_ARTIST_LENGTH );
data/libspctag-0.2/src/spctag.c:394:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( spctag_tags_bin->artist, new_artist, SPCTAG_ARTIST_LENGTH );
ANALYSIS SUMMARY:
Hits = 97
Lines analyzed = 914 in approximately 0.05 seconds (17008 lines/second)
Physical Source Lines of Code (SLOC) = 502
Hits@level = [0] 44 [1] 35 [2] 52 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 141 [1+] 97 [2+] 62 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 280.876 [1+] 193.227 [2+] 123.506 [3+] 19.9203 [4+] 19.9203 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.