Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/mcp-plugins-0.4.0/cs_phaser.h Examining data/mcp-plugins-0.4.0/mvclpf24.cc Examining data/mcp-plugins-0.4.0/mvchpf24.h Examining data/mcp-plugins-0.4.0/cs_chorus.h Examining data/mcp-plugins-0.4.0/mvchpf24.cc Examining data/mcp-plugins-0.4.0/ladspa.h Examining data/mcp-plugins-0.4.0/exp2ap.cc Examining data/mcp-plugins-0.4.0/ladspaplugin.h Examining data/mcp-plugins-0.4.0/mvclpf24.h Examining data/mcp-plugins-0.4.0/cs_chorus.cc Examining data/mcp-plugins-0.4.0/cs_phaser.cc Examining data/mcp-plugins-0.4.0/cs_chorus_if.cc Examining data/mcp-plugins-0.4.0/cs_phaser_if.cc Examining data/mcp-plugins-0.4.0/mvchpf24_if.cc Examining data/mcp-plugins-0.4.0/mvclpf24_if.cc FINAL RESULTS: data/mcp-plugins-0.4.0/cs_chorus_if.cc:111:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname12 [Ladspa_CS_chorus1::NPORT] = data/mcp-plugins-0.4.0/cs_chorus_if.cc:147:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname3 [Ladspa_CS_chorus3::NPORT] = data/mcp-plugins-0.4.0/cs_phaser_if.cc:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname0 [Ladspa_CS_phaser1::NPORT] = data/mcp-plugins-0.4.0/cs_phaser_if.cc:153:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname1 [Ladspa_CS_phaser1lfo::NPORT] = data/mcp-plugins-0.4.0/mvchpf24_if.cc:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname1 [Ladspa_Mvchpf1::NPORT] = data/mcp-plugins-0.4.0/mvclpf24_if.cc:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname1 [Ladspa_Moogvcf1::NPORT] = data/mcp-plugins-0.4.0/mvclpf24_if.cc:151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const pname4 [Ladspa_Moogvcf4::NPORT + Ladspa_Moogvcf4::NLABEL] = ANALYSIS SUMMARY: Hits = 7 Lines analyzed = 3138 in approximately 0.12 seconds (26711 lines/second) Physical Source Lines of Code (SLOC) = 1904 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.67647 [1+] 3.67647 [2+] 3.67647 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.