Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/loudgain-0.6.8+ds/src/lg-util.h
Examining data/loudgain-0.6.8+ds/src/loudgain.c
Examining data/loudgain-0.6.8+ds/src/printf.c
Examining data/loudgain-0.6.8+ds/src/printf.h
Examining data/loudgain-0.6.8+ds/src/scan.c
Examining data/loudgain-0.6.8+ds/src/scan.h
Examining data/loudgain-0.6.8+ds/src/tag.cc
Examining data/loudgain-0.6.8+ds/src/tag.h
FINAL RESULTS:
data/loudgain-0.6.8+ds/src/loudgain.c:663:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_RED "Usage: " COLOR_OFF);
data/loudgain-0.6.8+ds/src/printf.c:183:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, args);
data/loudgain-0.6.8+ds/src/loudgain.c:196:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((rc = getopt_long(argc, argv, short_opts, long_opts, &i)) !=-1) {
data/loudgain-0.6.8+ds/src/loudgain.c:150:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebur128_version[15] = "";
data/loudgain-0.6.8+ds/src/loudgain.c:152:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swr_version[15] = "";
data/loudgain-0.6.8+ds/src/loudgain.c:154:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lavf_version[15] = "";
data/loudgain-0.6.8+ds/src/loudgain.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[3] = "dB";
data/loudgain-0.6.8+ds/src/loudgain.c:259:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(unit, "LU");
data/loudgain-0.6.8+ds/src/loudgain.c:273:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id3v2version = atoi(optarg);
data/loudgain-0.6.8+ds/src/printf.c:175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char format[LINE_MAX];
data/loudgain-0.6.8+ds/src/scan.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infotext[20];
data/loudgain-0.6.8+ds/src/scan.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infobuf[512];
data/loudgain-0.6.8+ds/src/scan.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2048];
data/loudgain-0.6.8+ds/src/scan.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2048];
data/loudgain-0.6.8+ds/src/scan.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2048];
data/loudgain-0.6.8+ds/src/scan.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2048];
data/loudgain-0.6.8+ds/src/tag.cc:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:675:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:848:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/loudgain-0.6.8+ds/src/tag.cc:932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 2644 in approximately 0.10 seconds (27173 lines/second)
Physical Source Lines of Code (SLOC) = 1617
Hits@level = [0] 129 [1] 0 [2] 23 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 155 [1+] 26 [2+] 26 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 95.8565 [1+] 16.0792 [2+] 16.0792 [3+] 1.85529 [4+] 1.23686 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.