Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/oggvideotools-0.9.1/src/base/mediaRepository.cpp
Examining data/oggvideotools-0.9.1/src/base/oggRingbuffer.cpp
Examining data/oggvideotools-0.9.1/src/base/mediaOutputDecoder.cpp
Examining data/oggvideotools-0.9.1/src/base/test/encoderTest.cpp
Examining data/oggvideotools-0.9.1/src/base/test/decoderTest.cpp
Examining data/oggvideotools-0.9.1/src/base/mediaOutputDecoder.h
Examining data/oggvideotools-0.9.1/src/base/oggPacket.h
Examining data/oggvideotools-0.9.1/src/base/mediaUnit.h
Examining data/oggvideotools-0.9.1/src/base/streamExtractor.h
Examining data/oggvideotools-0.9.1/src/base/mediaInputEncoder.cpp
Examining data/oggvideotools-0.9.1/src/base/bufferRepository.cpp
Examining data/oggvideotools-0.9.1/src/base/mediaConverter.cpp
Examining data/oggvideotools-0.9.1/src/base/fileRepository.cpp
Examining data/oggvideotools-0.9.1/src/base/streamParameter.cpp
Examining data/oggvideotools-0.9.1/src/base/refObject.h
Examining data/oggvideotools-0.9.1/src/base/oggComment.cpp
Examining data/oggvideotools-0.9.1/src/base/mediaConverter.h
Examining data/oggvideotools-0.9.1/src/base/oggDecoder.cpp
Examining data/oggvideotools-0.9.1/src/base/streamConfig.h
Examining data/oggvideotools-0.9.1/src/base/oggEncoder.cpp
Examining data/oggvideotools-0.9.1/src/base/rawMediaPacket.cpp
Examining data/oggvideotools-0.9.1/src/base/oggRingbuffer.h
Examining data/oggvideotools-0.9.1/src/base/mediaInputEncoder.h
Examining data/oggvideotools-0.9.1/src/base/mediaDecoder.cpp
Examining data/oggvideotools-0.9.1/src/base/granulePosInterpreter.cpp
Examining data/oggvideotools-0.9.1/src/base/oggPage.cpp
Examining data/oggvideotools-0.9.1/src/base/oggComment.h
Examining data/oggvideotools-0.9.1/src/base/mediaEncoder.cpp
Examining data/oggvideotools-0.9.1/src/base/oggPacket.cpp
Examining data/oggvideotools-0.9.1/src/base/oggPage.h
Examining data/oggvideotools-0.9.1/src/base/oggStreamDecoder.cpp
Examining data/oggvideotools-0.9.1/src/base/oggStreamEncoder.cpp
Examining data/oggvideotools-0.9.1/src/base/oggTypes.h
Examining data/oggvideotools-0.9.1/src/base/mediaDecoder.h
Examining data/oggvideotools-0.9.1/src/base/fileRepository.h
Examining data/oggvideotools-0.9.1/src/base/oggDecoder.h
Examining data/oggvideotools-0.9.1/src/base/mediaEncoder.h
Examining data/oggvideotools-0.9.1/src/base/oggDecoderFactory.h
Examining data/oggvideotools-0.9.1/src/base/streamParameter.h
Examining data/oggvideotools-0.9.1/src/base/streamExtractor.cpp
Examining data/oggvideotools-0.9.1/src/base/rawMediaPacket.h
Examining data/oggvideotools-0.9.1/src/base/granulePosInterpreter.h
Examining data/oggvideotools-0.9.1/src/base/oggStreamDecoder.h
Examining data/oggvideotools-0.9.1/src/base/oggHeader.h
Examining data/oggvideotools-0.9.1/src/base/oggEncoder.h
Examining data/oggvideotools-0.9.1/src/base/mediaUnit.cpp
Examining data/oggvideotools-0.9.1/src/base/bufferRepository.h
Examining data/oggvideotools-0.9.1/src/base/mediaRepository.h
Examining data/oggvideotools-0.9.1/src/base/oggDecoderFactory.cpp
Examining data/oggvideotools-0.9.1/src/base/oggStreamEncoder.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisExtractor.cpp
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisExtractor.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisStreamParameter.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisDecoder.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisEncoder.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisHeader.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/audioPacket.cpp
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisStreamParameter.cpp
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisPosInterpreter.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisPosInterpreter.cpp
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisDecoder.cpp
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/audioPacket.h
Examining data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisEncoder.cpp
Examining data/oggvideotools-0.9.1/src/effect/pictureBlend.cpp
Examining data/oggvideotools-0.9.1/src/effect/effector.cpp
Examining data/oggvideotools-0.9.1/src/effect/shiftblendEffect.cpp
Examining data/oggvideotools-0.9.1/src/effect/lowpassEffect.cpp
Examining data/oggvideotools-0.9.1/src/effect/pictureBlend.h
Examining data/oggvideotools-0.9.1/src/effect/effectorTypes.h
Examining data/oggvideotools-0.9.1/src/effect/effectorVisitor.h
Examining data/oggvideotools-0.9.1/src/effect/shiftEffect.h
Examining data/oggvideotools-0.9.1/src/effect/basePlane.cpp
Examining data/oggvideotools-0.9.1/src/effect/basePlane.h
Examining data/oggvideotools-0.9.1/src/effect/rgbPlane.cpp
Examining data/oggvideotools-0.9.1/src/effect/pictureResize.cpp
Examining data/oggvideotools-0.9.1/src/effect/blendElement.h
Examining data/oggvideotools-0.9.1/src/effect/plainPicture.cpp
Examining data/oggvideotools-0.9.1/src/effect/lowpassEffect.h
Examining data/oggvideotools-0.9.1/src/effect/crossfader.h
Examining data/oggvideotools-0.9.1/src/effect/rgbPlane.h
Examining data/oggvideotools-0.9.1/src/effect/shiftEffect.cpp
Examining data/oggvideotools-0.9.1/src/effect/pictureResize.h
Examining data/oggvideotools-0.9.1/src/effect/crossfader.cpp
Examining data/oggvideotools-0.9.1/src/effect/shiftblendEffect.h
Examining data/oggvideotools-0.9.1/src/effect/effectorVisitor.cpp
Examining data/oggvideotools-0.9.1/src/effect/kenburnseffect.h
Examining data/oggvideotools-0.9.1/src/effect/plainPicture.h
Examining data/oggvideotools-0.9.1/src/effect/pictureLoader.h
Examining data/oggvideotools-0.9.1/src/effect/blendElement.cpp
Examining data/oggvideotools-0.9.1/src/effect/kenburnseffect.cpp
Examining data/oggvideotools-0.9.1/src/effect/pictureLoader.cpp
Examining data/oggvideotools-0.9.1/src/effect/effectorTypes.cpp
Examining data/oggvideotools-0.9.1/src/effect/effector.h
Examining data/oggvideotools-0.9.1/src/main/audioConverter.cpp
Examining data/oggvideotools-0.9.1/src/main/videoHook.cpp
Examining data/oggvideotools-0.9.1/src/main/videoHook.h
Examining data/oggvideotools-0.9.1/src/main/oggBOSExtractorFactory.h
Examining data/oggvideotools-0.9.1/src/main/cmdlineextractor.cpp
Examining data/oggvideotools-0.9.1/src/main/streamMux.h
Examining data/oggvideotools-0.9.1/src/main/audioHook.h
Examining data/oggvideotools-0.9.1/src/main/streamSerializer.cpp
Examining data/oggvideotools-0.9.1/src/main/audioConverter.h
Examining data/oggvideotools-0.9.1/src/main/hookHandler.h
Examining data/oggvideotools-0.9.1/src/main/cmdlineextractor.h
Examining data/oggvideotools-0.9.1/src/main/audioHook.cpp
Examining data/oggvideotools-0.9.1/src/main/streamSerializer.h
Examining data/oggvideotools-0.9.1/src/main/streamMux.cpp
Examining data/oggvideotools-0.9.1/src/main/hookHandler.cpp
Examining data/oggvideotools-0.9.1/src/main/oggBOSExtractorFactory.cpp
Examining data/oggvideotools-0.9.1/src/ovt_kate/katePosInterpreter.cpp
Examining data/oggvideotools-0.9.1/src/ovt_kate/kateExtractor.cpp
Examining data/oggvideotools-0.9.1/src/ovt_kate/kateStreamParameter.cpp
Examining data/oggvideotools-0.9.1/src/ovt_kate/kateExtractor.h
Examining data/oggvideotools-0.9.1/src/ovt_kate/kateHeader.h
Examining data/oggvideotools-0.9.1/src/ovt_kate/katePosInterpreter.h
Examining data/oggvideotools-0.9.1/src/ovt_kate/kateStreamParameter.h
Examining data/oggvideotools-0.9.1/src/misc/crc.cpp
Examining data/oggvideotools-0.9.1/src/misc/ringbuffer.h
Examining data/oggvideotools-0.9.1/src/misc/helper.cpp
Examining data/oggvideotools-0.9.1/src/misc/helper.h
Examining data/oggvideotools-0.9.1/src/misc/crc.h
Examining data/oggvideotools-0.9.1/src/misc/log.cpp
Examining data/oggvideotools-0.9.1/src/misc/log.h
Examining data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp
Examining data/oggvideotools-0.9.1/src/exception.h
Examining data/oggvideotools-0.9.1/src/libresample/resample.c
Examining data/oggvideotools-0.9.1/src/libresample/config.h
Examining data/oggvideotools-0.9.1/src/libresample/libresample.h
Examining data/oggvideotools-0.9.1/src/libresample/configtemplate.h
Examining data/oggvideotools-0.9.1/src/libresample/resample_defs.h
Examining data/oggvideotools-0.9.1/src/libresample/filterkit.h
Examining data/oggvideotools-0.9.1/src/libresample/filterkit.c
Examining data/oggvideotools-0.9.1/src/libresample/resamplesubs.c
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraHeader.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraPosInterpreter.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraEncoder.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraDecoder.cpp
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraExtractor.cpp
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraEncoder.cpp
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraStreamParameter.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraPosInterpreter.cpp
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraExtractor.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraDecoder.h
Examining data/oggvideotools-0.9.1/src/ovt_theora/theoraStreamParameter.cpp
Examining data/oggvideotools-0.9.1/src/th_helper.h
Examining data/oggvideotools-0.9.1/src/wishList.h
Examining data/oggvideotools-0.9.1/src/binaries/oggCat.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggSplit.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggJoin.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggTranscode.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggDump.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggCut.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggLength.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggScroll.cpp
Examining data/oggvideotools-0.9.1/src/binaries/oggThumb.cpp
Examining data/oggvideotools-0.9.1/src/theoraVideoPacket.h
Examining data/oggvideotools-0.9.1/src/theoraVideoPacket.cpp
Examining data/oggvideotools-0.9.1/src/videoInfo.h
Examining data/oggvideotools-0.9.1/src/definition.h
Examining data/oggvideotools-0.9.1/src/theoraConfig.h
Examining data/oggvideotools-0.9.1/src/theoraConfig.cpp

FINAL RESULTS:

data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:176:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((uint) time(0));
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:179:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hp:d:q:o:D:s:f:F:N:tC:c:r:x")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggCut.cpp:120:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));
data/oggvideotools-0.9.1/src/binaries/oggCut.cpp:123:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hi:o:s:e:l:")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:158:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hgpl:so:")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggLength.cpp:52:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hvtVT")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggScroll.cpp:86:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "h")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:83:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:86:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "ho:d:n:r:l:")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp:106:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));
data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp:111:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hp:f:o:l:d:r:t:s:ec:q:")) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggThumb.cpp:270:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt_long(argc, argv, "hf:t:s:o:n:v:", longOpts, NULL)) != EOF)
data/oggvideotools-0.9.1/src/binaries/oggTranscode.cpp:300:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( (int) time(0) );
data/oggvideotools-0.9.1/src/binaries/oggTranscode.cpp:303:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ( (opt = getopt(argc, argv, "hs:f:d:tD:c:C:N:F:a:A:q:p:xr:o:Q:") ) != EOF)
data/oggvideotools-0.9.1/src/base/fileRepository.cpp:44:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fileDescriptor = fopen(filename.c_str(), "wb")) == 0)
data/oggvideotools-0.9.1/src/base/fileRepository.cpp:51:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fileDescriptor = fopen(filename.c_str(), "rb")) == 0)
data/oggvideotools-0.9.1/src/base/oggDecoder.cpp:118:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char starter[5];
data/oggvideotools-0.9.1/src/base/oggHeader.h:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ogg[4];
data/oggvideotools-0.9.1/src/base/oggHeader.h:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char typeName[6];
data/oggvideotools-0.9.1/src/base/oggPacket.cpp:46:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, pkt.packet, pkt.bytes);
data/oggvideotools-0.9.1/src/base/oggPacket.cpp:58:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_data, data, length);
data/oggvideotools-0.9.1/src/base/oggPacket.cpp:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_data, &data[0], data.size());
data/oggvideotools-0.9.1/src/base/oggPacket.cpp:140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, m_oggPacket.packet, m_oggPacket.bytes);
data/oggvideotools-0.9.1/src/base/oggRingbuffer.cpp:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char starter[5];
data/oggvideotools-0.9.1/src/base/oggStreamDecoder.cpp:148:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newPacketPtr, m_tmpSegment.data, m_tmpSegment.length);
data/oggvideotools-0.9.1/src/base/oggStreamDecoder.cpp:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newPacketPtr+m_tmpSegment.length, segmentDataList[i].data, segmentDataList[i].length);
data/oggvideotools-0.9.1/src/base/oggStreamEncoder.cpp:247:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header->ogg,"OggS",4);
data/oggvideotools-0.9.1/src/base/oggStreamEncoder.cpp:279:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(body+arrayIndex, pkt->data()+m_usedData, cpyLength);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:193:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wishList.videoDatarate = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:198:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wishList.audioDatarate = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:203:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wishList.videoQuality = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:249:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wishList.audioSamplerate = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:254:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wishList.audioChannels = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:328:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!serializer->open(baseFile)) {
data/oggvideotools-0.9.1/src/binaries/oggCat.cpp:551:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!serializer.open(filename)) {
data/oggvideotools-0.9.1/src/binaries/oggCut.cpp:203:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!streamSerializer.open(inputFile)) {
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:74:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outStream.open(outFilename.c_str());
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:76:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!serializer.open(file)) {
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:183:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dumpLevel = atoi(optarg); // yes, I know the atoi bug
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:214:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outStream.open(outFilename.c_str());
data/oggvideotools-0.9.1/src/binaries/oggLength.cpp:86:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!streamSerializer.open(inputFile)) {
data/oggvideotools-0.9.1/src/binaries/oggScroll.cpp:117:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!streamSerializer.open(inputFile)) {
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:95:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  datarate = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:103:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  channels = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:107:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  samplerate = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSilence.cpp:111:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  length = CmdlineExtractor::atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp:134:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  quality = atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp:138:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  framesPerSecond = atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggSlideshow.cpp:150:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  datarate = atoi(optarg);
data/oggvideotools-0.9.1/src/binaries/oggThumb.cpp:409:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!streamSerializer.open(filename)) {
data/oggvideotools-0.9.1/src/binaries/oggTranscode.cpp:478:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( !inStream.open(inputFile) ) {
data/oggvideotools-0.9.1/src/effect/pictureLoader.cpp:47:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename.c_str(), "rb");
data/oggvideotools-0.9.1/src/effect/pictureLoader.cpp:204:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* out = fopen(filename.c_str(), "wb");
data/oggvideotools-0.9.1/src/effect/pictureResize.cpp:751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retRgbaPlane, pic1RgbaPlane, width*sizeof(uint32));
data/oggvideotools-0.9.1/src/effect/pictureResize.cpp:752:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retRgbaPlane+width, pic2RgbaPlane, width*sizeof(uint32));
data/oggvideotools-0.9.1/src/libresample/resample.c:61:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hp->Imp, cpy->Imp, hp->Nwing * sizeof(float));
data/oggvideotools-0.9.1/src/libresample/resample.c:63:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hp->ImpD, cpy->ImpD, hp->Nwing * sizeof(float));
data/oggvideotools-0.9.1/src/libresample/resample.c:68:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hp->X, cpy->X, (hp->XSize + hp->Xoff) * sizeof(float));
data/oggvideotools-0.9.1/src/libresample/resample.c:73:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hp->Y, cpy->Y, hp->YSize * sizeof(float));
data/oggvideotools-0.9.1/src/main/cmdlineextractor.cpp:203:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint32 CmdlineExtractor::atoi(const std::string& _argument)
data/oggvideotools-0.9.1/src/main/cmdlineextractor.h:56:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  static uint32 atoi(const std::string& _argument);
data/oggvideotools-0.9.1/src/main/streamSerializer.cpp:62:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool StreamSerializer::open(std::string& datasource)
data/oggvideotools-0.9.1/src/main/streamSerializer.cpp:88:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool StreamSerializer::open(MediaRepository* _repository)
data/oggvideotools-0.9.1/src/main/streamSerializer.h:90:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(std::string& datasource);
data/oggvideotools-0.9.1/src/main/streamSerializer.h:91:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(MediaRepository* _repository);
data/oggvideotools-0.9.1/src/misc/helper.cpp:11:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin.open (filename.c_str());
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:105:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fifo.data()+begin,data.data(),len);
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fifo.data()+begin,data.data(),part1);
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:113:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fifo.data(),data.data()+part1,part2);
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, fifo.data()+end, part1);
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data+part1, fifo.data(), part2);
data/oggvideotools-0.9.1/src/misc/ringbuffer.cpp:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, fifo.data()+end, len);
data/oggvideotools-0.9.1/src/ovt_kate/kateHeader.h:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char language[16];
data/oggvideotools-0.9.1/src/ovt_kate/kateHeader.h:22:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char category[16];
data/oggvideotools-0.9.1/src/ovt_vorbis/audioPacket.cpp:85:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcmData[channel], _dataPtr, length*sizeof(float));
data/oggvideotools-0.9.1/src/ovt_vorbis/vorbisEncoder.cpp:138:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer[i], aPacket->getDataOfChannel(i), aPacket->getLength()*sizeof(float));
data/oggvideotools-0.9.1/src/base/fileRepository.cpp:33:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  : MediaRepository(read, "FileRepository"), fileDescriptor(0), filename(""), bunchSize(4096),
data/oggvideotools-0.9.1/src/base/fileRepository.cpp:104:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (mediaDirection == read) {
data/oggvideotools-0.9.1/src/base/mediaRepository.cpp:26:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  : MediaUnit(MediaUnit::read, std::string("")), repositoryAvailable(false)
data/oggvideotools-0.9.1/src/base/mediaUnit.h:42:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read,
data/oggvideotools-0.9.1/src/binaries/oggDump.cpp:218:54:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  FileRepository repository(analysisFile, MediaUnit::read);
data/oggvideotools-0.9.1/src/binaries/oggJoin.cpp:114:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  newElement->repository = FileRepository(argv[i], MediaUnit::read);
data/oggvideotools-0.9.1/src/binaries/oggScroll.cpp:72:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
character = getchar(); data/oggvideotools-0.9.1/src/binaries/oggSplit.cpp:69:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FileRepository repository(argv[1], MediaUnit::read); data/oggvideotools-0.9.1/src/main/streamSerializer.cpp:66:58: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). repository = new FileRepository(datasource, MediaUnit::read); ANALYSIS SUMMARY: Hits = 85 Lines analyzed = 19398 in approximately 0.45 seconds (42735 lines/second) Physical Source Lines of Code (SLOC) = 11861 Hits@level = [0] 10 [1] 9 [2] 62 [3] 14 [4] 0 [5] 0 Hits@level+ = [0+] 95 [1+] 85 [2+] 76 [3+] 14 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.00944 [1+] 7.16634 [2+] 6.40755 [3+] 1.18034 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.