Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mp3info-0.8.5a/mp3curs.c
Examining data/mp3info-0.8.5a/mp3info.h
Examining data/mp3info-0.8.5a/mp3tech.c
Examining data/mp3info-0.8.5a/mp3tech.h
Examining data/mp3info-0.8.5a/textfunc.h
Examining data/mp3info-0.8.5a/win32/curses.h
Examining data/mp3info-0.8.5a/win32/getopt.c
Examining data/mp3info-0.8.5a/win32/truncate.c
Examining data/mp3info-0.8.5a/gmp3info.c
Examining data/mp3info-0.8.5a/mp3info.c
Examining data/mp3info-0.8.5a/textfunc.c

FINAL RESULTS:

data/mp3info-0.8.5a/mp3tech.c:369:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buf,mp3->id3.title,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3tech.c:371:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buf,mp3->id3.artist,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3tech.c:373:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buf,mp3->id3.album,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3tech.c:375:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buf,mp3->id3.year,INT_FIELD_LEN);

data/mp3info-0.8.5a/mp3tech.c:377:2:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buf,mp3->id3.comment,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/gmp3info.c:73:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mp3.id3.title,gtk_entry_get_text(GTK_ENTRY(id3win_text_title)));

data/mp3info-0.8.5a/gmp3info.c:74:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mp3.id3.artist,gtk_entry_get_text(GTK_ENTRY(id3win_text_artist)));

data/mp3info-0.8.5a/gmp3info.c:75:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mp3.id3.album,gtk_entry_get_text(GTK_ENTRY(id3win_text_album)));

data/mp3info-0.8.5a/gmp3info.c:76:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mp3.id3.year,gtk_entry_get_text(GTK_ENTRY(id3win_text_year)));

data/mp3info-0.8.5a/gmp3info.c:77:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mp3.id3.comment,gtk_entry_get_text(GTK_ENTRY(id3win_text_comment)));

data/mp3info-0.8.5a/gmp3info.c:78:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp,gtk_entry_get_text(GTK_ENTRY(GTK_COMBO(id3win_combo_genre)->entry)));

data/mp3info-0.8.5a/gmp3info.c:80:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp,gtk_entry_get_text(GTK_ENTRY(id3win_text_track)));

data/mp3info-0.8.5a/gmp3info.c:319:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"Media Type: MPEG %s Layer %s",mp3.header.version ? ((mp3.header.version==2) ? "2.5" : "1.0") : "2.0", layer_text[header_layer(&mp3.header)-1]);

data/mp3info-0.8.5a/gmp3info.c:337:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"Emphasis: %s",header_emphasis(&mp3.header));

data/mp3info-0.8.5a/gmp3info.c:341:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"CRC: %s",!mp3.header.crc ? "Yes" : "No");

data/mp3info-0.8.5a/gmp3info.c:345:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"Copyright: %s",mp3.header.copyright ? "Yes" : "No");

data/mp3info-0.8.5a/gmp3info.c:349:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"Original: %s",mp3.header.original ? "Yes" : "No");

data/mp3info-0.8.5a/gmp3info.c:353:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"Padding: %s",mp3.header.padding ? "Yes" : "No");

data/mp3info-0.8.5a/mp3curs.c:49:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf,checkinput(c,string,length));

data/mp3info-0.8.5a/mp3curs.c:97:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(genre_text,genre);

data/mp3info-0.8.5a/textfunc.c:173:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"%s",typegenre[genre_num]);

data/mp3info-0.8.5a/textfunc.c:230:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format);

data/mp3info-0.8.5a/textfunc.c:245:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 't': printf(mod,mp3->id3.title); break;

data/mp3info-0.8.5a/textfunc.c:248:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,pos); break;

data/mp3info-0.8.5a/textfunc.c:249:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'F': printf(mod,mp3->filename); break;

data/mp3info-0.8.5a/textfunc.c:250:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'a': printf(mod,mp3->id3.artist); break;

data/mp3info-0.8.5a/textfunc.c:251:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'l': printf(mod,mp3->id3.album); break;

data/mp3info-0.8.5a/textfunc.c:252:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'k': mod[modlen-1] = 'd'; printf(mod,mp3->datasize / 1024); break;

data/mp3info-0.8.5a/textfunc.c:253:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'y': printf(mod,mp3->id3.year); break;

data/mp3info-0.8.5a/textfunc.c:254:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case 'c': printf(mod,mp3->id3.comment); break;

data/mp3info-0.8.5a/textfunc.c:257:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod, (int) mp3->id3.track[0]);

data/mp3info-0.8.5a/textfunc.c:262:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,genre);

data/mp3info-0.8.5a/textfunc.c:267:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,(int) mp3->id3.genre[0]);

data/mp3info-0.8.5a/textfunc.c:272:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,"Variable");

data/mp3info-0.8.5a/textfunc.c:275:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->vbr_average);

data/mp3info-0.8.5a/textfunc.c:278:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,header_bitrate(&mp3->header));

data/mp3info-0.8.5a/textfunc.c:284:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,header_frequency(&mp3->header)/1000);

data/mp3info-0.8.5a/textfunc.c:289:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,header_frequency(&mp3->header));

data/mp3info-0.8.5a/textfunc.c:293:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,header_emphasis(&mp3->header));

data/mp3info-0.8.5a/textfunc.c:297:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,!mp3->header.crc ? "Yes" : "No");

data/mp3info-0.8.5a/textfunc.c:301:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->header.copyright ? "Yes" : "No");

data/mp3info-0.8.5a/textfunc.c:305:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->header.original ? "Yes" : "No");

data/mp3info-0.8.5a/textfunc.c:310:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->seconds / 60);

data/mp3info-0.8.5a/textfunc.c:315:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->seconds % 60);

data/mp3info-0.8.5a/textfunc.c:320:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->seconds);

data/mp3info-0.8.5a/textfunc.c:325:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->header.version ? ((mp3->header.version==2) ? 2.5 : 1.0) : 2.0);

data/mp3info-0.8.5a/textfunc.c:329:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,layer_text[header_layer(&mp3->header)-1]);

data/mp3info-0.8.5a/textfunc.c:333:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,header_mode(&mp3->header));

data/mp3info-0.8.5a/textfunc.c:337:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->header.padding ? "Yes" : "No");

data/mp3info-0.8.5a/textfunc.c:342:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->frames);

data/mp3info-0.8.5a/textfunc.c:347:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(mod,mp3->badframes);

data/mp3info-0.8.5a/textfunc.c:357:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format);

data/mp3info-0.8.5a/mp3info.c:69:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c=getopt(argc,argv,"vhGidfxFt:a:l:y:c:n:g:p:r:"))!=-1) {

data/mp3info-0.8.5a/win32/getopt.c:57:1:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  getopt(nargc, nargv, ostr)

data/mp3info-0.8.5a/gmp3info.c:63:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sig[2];

data/mp3info-0.8.5a/gmp3info.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[31];

data/mp3info-0.8.5a/gmp3info.c:81:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mp3.id3.track[0]=atoi(tmp);

data/mp3info-0.8.5a/gmp3info.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char track_text[4];

data/mp3info-0.8.5a/gmp3info.c:244:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(track_text,"%d",(int)mp3.id3.track[0]);

data/mp3info-0.8.5a/gmp3info.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1023];

data/mp3info-0.8.5a/gmp3info.c:323:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"Bitrate: %i kbps",header_bitrate(&mp3.header));

data/mp3info-0.8.5a/gmp3info.c:327:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"Frequency: %i kHz",header_frequency(&mp3.header)/1000);

data/mp3info-0.8.5a/gmp3info.c:333:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"Length: %i:%02i",ibuf,ibuf2);

data/mp3info-0.8.5a/gmp3info.c:359:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"This file's header\nis invalid.\n\nNo information\navailable");

data/mp3info-0.8.5a/gmp3info.c:425:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !( nmp3.file=fopen(filename,"rb+") ) ) {

data/mp3info-0.8.5a/gmp3info.c:426:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((nmp3.file=fopen(filename,"rb")))

data/mp3info-0.8.5a/mp3curs.c:45:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[TEXT_FIELD_LEN];

data/mp3info-0.8.5a/mp3curs.c:59:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[50], track_text[4], *genre, genre_text[30];

data/mp3info-0.8.5a/mp3curs.c:86:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(track_text,"%d",tag->track[0]);

data/mp3info-0.8.5a/mp3curs.c:127:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if((track_num=atoi(track_text)) < 256) {

data/mp3info-0.8.5a/mp3info.c:47:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error_msg[256];

data/mp3info-0.8.5a/mp3info.c:122:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n=atoi(optarg);

data/mp3info-0.8.5a/mp3info.c:185:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !( fp=fopen(argv[i],"rb") ) ) {

data/mp3info-0.8.5a/mp3info.c:193:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !( fp=fopen(argv[i],"rb+") ) ) {

data/mp3info-0.8.5a/mp3info.h:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *typegenre [MAXGENRE+2] = {

data/mp3info-0.8.5a/mp3info.h:109:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *typegenre [MAXGENRE+2];

data/mp3info-0.8.5a/mp3tech.c:127:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&header,&(mp3->header),sizeof(mp3header));

data/mp3info-0.8.5a/mp3tech.c:174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(mp3->header),&h2,sizeof(mp3header));

data/mp3info-0.8.5a/mp3tech.c:222:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[FRAME_HEADER_SIZE];

data/mp3info-0.8.5a/mp3tech.c:299:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbuf[4];

data/mp3info-0.8.5a/mp3tech.c:365:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[129];

data/mp3info-0.8.5a/mp3tech.c:367:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf,"TAG");

data/mp3info-0.8.5a/mp3tech.h:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[31];

data/mp3info-0.8.5a/mp3tech.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char artist[31];

data/mp3info-0.8.5a/mp3tech.h:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char album[31];

data/mp3info-0.8.5a/mp3tech.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char year[5];

data/mp3info-0.8.5a/mp3tech.h:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char comment[31];

data/mp3info-0.8.5a/mp3tech.h:62:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char track[1];

data/mp3info-0.8.5a/mp3tech.h:63:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char genre[1];

data/mp3info-0.8.5a/textfunc.c:175:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer,"(UNKNOWN) [%d]",genre_num);

data/mp3info-0.8.5a/textfunc.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char genre[40]="";

data/mp3info-0.8.5a/textfunc.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mod[1000],*percent,*pos,*code;

data/mp3info-0.8.5a/win32/truncate.c:12:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(name, O_WRONLY);

data/mp3info-0.8.5a/mp3curs.c:111:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tag->title,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:111:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tag->title,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:113:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tag->artist,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:113:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tag->artist,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:115:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tag->album,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:115:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tag->album,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:117:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tag->year,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:117:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tag->year,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:119:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tag->comment,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:119:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tag->comment,line,strlen(line));

data/mp3info-0.8.5a/mp3curs.c:121:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(track_text,line,strlen(line) + (strlen(line) < strlen (track_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:121:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(track_text,line,strlen(line) + (strlen(line) < strlen (track_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:121:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(track_text,line,strlen(line) + (strlen(line) < strlen (track_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:121:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(track_text,line,strlen(line) + (strlen(line) < strlen (track_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:124:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(genre_text,line,strlen(line) + (strlen(line) < strlen (genre_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:124:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(genre_text,line,strlen(line) + (strlen(line) < strlen (genre_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:124:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(genre_text,line,strlen(line) + (strlen(line) < strlen (genre_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3curs.c:124:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(genre_text,line,strlen(line) + (strlen(line) < strlen (genre_text) ? 0 : 1));

data/mp3info-0.8.5a/mp3info.c:102:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tag.title,optarg,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:106:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tag.artist,optarg,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:110:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tag.album,optarg,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:114:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tag.year,optarg,INT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:118:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_tag.comment,optarg,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:239:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp3.id3.title,new_tag.title,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:243:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp3.id3.artist,new_tag.artist,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:247:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp3.id3.album,new_tag.album,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:251:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp3.id3.comment,new_tag.comment,TEXT_FIELD_LEN);

data/mp3info-0.8.5a/mp3info.c:262:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp3.id3.year,new_tag.year,INT_FIELD_LEN);

data/mp3info-0.8.5a/mp3tech.c:161:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c=fgetc(mp3->file)) != 255 && (c != EOF));

data/mp3info-0.8.5a/mp3tech.c:196:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c=fgetc(mp3->file)) != 255 && (ftell(mp3->file) < mp3->datasize)) skip_bytes++;

data/mp3info-0.8.5a/mp3tech.c:340:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(string);

data/mp3info-0.8.5a/mp3tech.c:353:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *pos=string+strlen(string)-1;

data/mp3info-0.8.5a/mp3tech.c:378:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(buf,(char *)&(mp3->id3.genre),1);

data/mp3info-0.8.5a/textfunc.c:37:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvprintw(line,(COLS/2)-((int)strlen(text)/2),text);

data/mp3info-0.8.5a/textfunc.c:241:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mod,percent,modlen);

data/mp3info-0.8.5a/textfunc.c:367:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(*read) {

data/mp3info-0.8.5a/textfunc.c:370:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (*read) {

data/mp3info-0.8.5a/textfunc.c:381:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(isxdigit(*read)) val=xtoi(read++);

data/mp3info-0.8.5a/textfunc.c:382:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(isxdigit(*read)) val=(val*16) + xtoi(read++);

data/mp3info-0.8.5a/textfunc.c:384:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  default: if(*read <= '7' && *read >= '0') { /* octal */

data/mp3info-0.8.5a/textfunc.c:384:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  default: if(*read <= '7' && *read >= '0') { /* octal */

data/mp3info-0.8.5a/textfunc.c:386:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if(*read <= '7' && *read >= '0') val=(val*8) + xtoi(read++); data/mp3info-0.8.5a/textfunc.c:386:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(*read <= '7' && *read >= '0') val=(val*8) + xtoi(read++); data/mp3info-0.8.5a/textfunc.c:387:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(*read <= '7' && *read >= '0') val=(val*8) + xtoi(read++); data/mp3info-0.8.5a/textfunc.c:387:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(*read <= '7' && *read >= '0') val=(val*8) + xtoi(read++); ANALYSIS SUMMARY: Hits = 138 Lines analyzed = 4267 in approximately 0.14 seconds (29991 lines/second) Physical Source Lines of Code (SLOC) = 3219 Hits@level = [0] 39 [1] 45 [2] 39 [3] 2 [4] 47 [5] 5 Hits@level+ = [0+] 177 [1+] 138 [2+] 93 [3+] 54 [4+] 52 [5+] 5 Hits/KSLOC@level+ = [0+] 54.986 [1+] 42.8705 [2+] 28.891 [3+] 16.7754 [4+] 16.1541 [5+] 1.55328 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
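Worked example (added here; not part of the flawfinder output and not code from mp3info): the two string idioms behind most of the hits above, beside the bounded forms the tool recommends. strncpy(dst, src, strlen(src)), the mp3curs.c pattern, takes its bound from the source, so it bounds nothing about the destination and never writes a terminator. strncat(buf, field, TEXT_FIELD_LEN), the level-5 mp3tech.c pattern, passes a constant where strncat expects the number of bytes it may add; that is only safe if buf is already known to have that many bytes plus a terminator free, which is what "computing the number of characters left" means in the hit text. The mp3info.c form strncpy(new_tag.title, optarg, TEXT_FIELD_LEN) is bounded by the field width but leaves no terminator once optarg reaches TEXT_FIELD_LEN bytes; whether that matters depends on whether the field is later used as a C string, which the report does not show. TEXT_FIELD_LEN, the buffer sizes and the input strings below are constructed for this example, not taken from the project.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Field width for the example. Hypothetical constant modelled on the
 * TEXT_FIELD_LEN name in the report; not taken from the project's headers. */
#define TEXT_FIELD_LEN 30

/* Length of s reading at most max bytes, so a missing terminator cannot
 * cause the over-read that the strlen hits warn about. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* The idiom the mp3curs.c hits flag, strncpy(dst, src, strlen(src)), run on
 * a destination large enough that the call itself is well defined.
 * Returns 1 if dst is NUL-terminated afterwards, 0 if not, -1 if src is too
 * long to try safely. strncpy only writes a NUL when src is shorter than
 * the bound, and a bound of strlen(src) guarantees it never is. */
int flagged_strncpy_terminates(const char *src)
{
    char dst[TEXT_FIELD_LEN + 1];
    if (strlen(src) > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);           /* no terminator present beforehand */
    strncpy(dst, src, strlen(src));
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Hardened copy: bounded by the destination size, always NUL-terminated,
 * truncation reported (1) instead of silent. Returns -1 on an empty dst. */
int copy_field(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst_size == 0)
        return -1;
    len = bounded_len(src, dst_size);
    if (len == dst_size) {                  /* src fills or exceeds dst */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* strncat's third argument is the number of bytes to add, not the space
 * left in the destination; a constant such as TEXT_FIELD_LEN is only safe
 * if buf is known to have TEXT_FIELD_LEN + 1 bytes free at that point.
 * This version computes the room that is actually left. Returns 0 if src
 * (up to max_src bytes) was appended in full, 1 if it was truncated to fit,
 * -1 if buf is not a terminated string within buf_size. */
int append_bounded(char *buf, size_t buf_size, const char *src, size_t max_src)
{
    size_t used = bounded_len(buf, buf_size);
    size_t left, want;
    if (used == buf_size)
        return -1;                          /* refuse rather than scan past the end */
    left = buf_size - used - 1;             /* room before the terminator */
    want = bounded_len(src, max_src);
    if (want > left) {
        memcpy(buf + used, src, left);
        buf[used + left] = '\0';
        return 1;
    }
    memcpy(buf + used, src, want);
    buf[used + want] = '\0';
    return 0;
}

int main(void)
{
    char tag[40];                           /* constructed, deliberately small */
    int rc;

    printf("flagged strncpy left a terminator: %d\n",
           flagged_strncpy_terminates("Hello"));

    copy_field(tag, sizeof tag, "TAG");
    rc = append_bounded(tag, sizeof tag, "Thirty-character title string!", TEXT_FIELD_LEN);
    printf("title  (0 ok, 1 truncated): %d -> \"%s\"\n", rc, tag);
    rc = append_bounded(tag, sizeof tag, "Artist", TEXT_FIELD_LEN);
    printf("artist (0 ok, 1 truncated): %d -> \"%s\"\n", rc, tag);
    rc = append_bounded(tag, sizeof tag, "Album", TEXT_FIELD_LEN);
    printf("album  (0 ok, 1 truncated): %d -> \"%s\"\n", rc, tag);
    return 0;
}
```

The third append in main returns 1 with nothing copied because the 40-byte buffer is already full; a constant-length strncat at the same point would have written past the end. One further caveat the summary's closing line covers: the textfunc.c "read" hits match a local pointer named read (the source lines dereference it as *read), not the read() system call. flawfinder matches on names, not types, so those hits are noise to be triaged, not bounds problems.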