Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-speex-0.2.1/src/speex_stubs.c
FINAL RESULTS:
data/ocaml-speex-0.2.1/src/speex_stubs.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p+4, vendor_string, vendor_length);
data/ocaml-speex-0.2.1/src/speex_stubs.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p+*length+4, val, val_len); /* comment */
data/ocaml-speex-0.2.1/src/speex_stubs.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(tmp),c,len);
data/ocaml-speex-0.2.1/src/speex_stubs.c:146:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(tmp),c,len);
data/ocaml-speex-0.2.1/src/speex_stubs.c:176:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->speex_string,String_val(tmp),caml_string_length(tmp));
data/ocaml-speex-0.2.1/src/speex_stubs.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->speex_version,String_val(tmp),caml_string_length(tmp));
data/ocaml-speex-0.2.1/src/speex_stubs.c:205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(tmp),header->speex_string,SPEEX_HEADER_STRING_LENGTH);
data/ocaml-speex-0.2.1/src/speex_stubs.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(String_val(tmp),header->speex_version,SPEEX_HEADER_VERSION_LENGTH);
data/ocaml-speex-0.2.1/src/speex_stubs.c:819:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op.packet, FISBONE_IDENTIFIER, 8); /* identifier */
data/ocaml-speex-0.2.1/src/speex_stubs.c:829:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op.packet+FISBONE_SIZE, String_val(content), caml_string_length(content));
data/ocaml-speex-0.2.1/src/speex_stubs.c:77:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vendor_length=strlen(vendor_string);
data/ocaml-speex-0.2.1/src/speex_stubs.c:94:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int val_len=strlen(val);
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 839 in approximately 0.05 seconds (16063 lines/second)
Physical Source Lines of Code (SLOC) = 674
Hits@level = [0] 0 [1] 2 [2] 10 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 12 [1+] 12 [2+] 10 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 17.8042 [1+] 17.8042 [2+] 14.8368 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.