Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-trx-0.4.0/GSM/GSMCommon.h Examining data/osmo-trx-0.4.0/GSM/GSMCommon.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/Transceiver.h Examining data/osmo-trx-0.4.0/Transceiver52M/radioClock.h Examining data/osmo-trx-0.4.0/Transceiver52M/Synthesis.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/Synthesis.h Examining data/osmo-trx-0.4.0/Transceiver52M/Resampler.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/radioInterface.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/radioInterface.h Examining data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.h Examining data/osmo-trx-0.4.0/Transceiver52M/Resampler.h Examining data/osmo-trx-0.4.0/Transceiver52M/Channelizer.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/radioInterfaceMulti.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/ChannelizerBase.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/Complex.h Examining data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/device/radioDevice.h Examining data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.h Examining data/osmo-trx-0.4.0/Transceiver52M/signalVector.h Examining data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/signalVector.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/radioClock.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convolve_sse_3.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convolve.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convert_sse_3.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convert_sse_3.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convert_sse_4_1.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convolve_sse_3.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convert_sse_4_1.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/x86/convert.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/arm/convolve.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/arm/mult.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/arm/scale.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/arm/convert.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/convert.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/convert_base.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/convolve.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/scale.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/convolve_base.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/fft.c Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/mult.h Examining data/osmo-trx-0.4.0/Transceiver52M/arch/common/fft.h Examining data/osmo-trx-0.4.0/Transceiver52M/ChannelizerBase.h Examining data/osmo-trx-0.4.0/Transceiver52M/radioInterfaceResamp.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/radioVector.h Examining data/osmo-trx-0.4.0/Transceiver52M/Channelizer.h Examining data/osmo-trx-0.4.0/Transceiver52M/radioVector.cpp Examining data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp Examining data/osmo-trx-0.4.0/tests/Transceiver52M/convolve_test.c Examining data/osmo-trx-0.4.0/tests/CommonLibs/SocketsTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/LogTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/BitVectorTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/TimevalTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/InterthreadTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/PRBSTest.cpp Examining data/osmo-trx-0.4.0/tests/CommonLibs/VectorTest.cpp Examining data/osmo-trx-0.4.0/CommonLibs/config_defs.h Examining data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp Examining data/osmo-trx-0.4.0/CommonLibs/BitVector.h Examining data/osmo-trx-0.4.0/CommonLibs/Timeval.cpp Examining data/osmo-trx-0.4.0/CommonLibs/debug.h Examining data/osmo-trx-0.4.0/CommonLibs/Threads.cpp Examining data/osmo-trx-0.4.0/CommonLibs/Threads.h Examining data/osmo-trx-0.4.0/CommonLibs/BitVector.cpp Examining data/osmo-trx-0.4.0/CommonLibs/Logger.h Examining data/osmo-trx-0.4.0/CommonLibs/Logger.cpp Examining data/osmo-trx-0.4.0/CommonLibs/Sockets.h Examining data/osmo-trx-0.4.0/CommonLibs/LinkedLists.h Examining data/osmo-trx-0.4.0/CommonLibs/Timeval.h Examining data/osmo-trx-0.4.0/CommonLibs/Vector.h Examining data/osmo-trx-0.4.0/CommonLibs/PRBS.h Examining data/osmo-trx-0.4.0/CommonLibs/debug.c Examining data/osmo-trx-0.4.0/CommonLibs/trx_vty.c Examining data/osmo-trx-0.4.0/CommonLibs/trx_vty.h Examining data/osmo-trx-0.4.0/CommonLibs/Interthread.h Examining data/osmo-trx-0.4.0/CommonLibs/LinkedLists.cpp FINAL RESULTS: data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:559:37: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. std::string devString = prop_tree->access<std::string>("/name").get(); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:200:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. GSM::Time startTime(random() % gHyperframe, 0); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:214:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((option = getopt(argc, argv, "ha:l:i:j:p:c:dmxgfo:s:b:r:A:R:Set:y:z:C:")) != -1) { data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:562:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/osmo-trx-0.4.0/tests/CommonLibs/InterthreadTest.cpp:52:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random()%2) sleep(1); data/osmo-trx-0.4.0/tests/CommonLibs/InterthreadTest.cpp:88:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random()%2) sleep(1); data/osmo-trx-0.4.0/tests/Transceiver52M/convolve_test.c:29:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpBuffer[2048]; data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(address->sin_addr), hp->h_addr_list[0], hp->h_length); data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:229:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(wSrcPort, wSrcIP); data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:237:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(wSrcPort, wSrcIP); data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:249:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void UDPSocket::open(unsigned short localPort, const char *wlocalIP) data/osmo-trx-0.4.0/CommonLibs/Sockets.h:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mDestination[256]; ///< address to which packets are sent data/osmo-trx-0.4.0/CommonLibs/Sockets.h:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mSource[256]; ///< return address of most recent received packet data/osmo-trx-0.4.0/CommonLibs/Sockets.h:160:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(unsigned short localPort=0, const char *wlocalIP="127.0.0.1"); data/osmo-trx-0.4.0/CommonLibs/Vector.h:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mData,other.mStart,other.bytes()); data/osmo-trx-0.4.0/CommonLibs/Vector.h:144:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mStart, other1.mStart, other1.bytes()); data/osmo-trx-0.4.0/CommonLibs/Vector.h:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mStart+other1.size(), other2.mStart, other2.bytes()); data/osmo-trx-0.4.0/CommonLibs/Vector.h:210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(base,mStart,span*sizeof(T)); data/osmo-trx-0.4.0/CommonLibs/Vector.h:229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other.mStart,base,span*sizeof(T)); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:129:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.base_port = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:153:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.tx_sps = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:165:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rx_sps = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:184:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rtsc = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:211:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rach_delay = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:314:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.sched_rr = atoi(argv[0]); data/osmo-trx-0.4.0/CommonLibs/trx_vty.c:337:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int idx = atoi(argv[0]); data/osmo-trx-0.4.0/Transceiver52M/Channelizer.cpp:85:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hInputs[i][2 * -hLen], hist[i], hSize); data/osmo-trx-0.4.0/Transceiver52M/Channelizer.cpp:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hist[i], &hInputs[i][2 * (blockLen - hLen)], hSize); data/osmo-trx-0.4.0/Transceiver52M/ChannelizerBase.cpp:50:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, buf, 2 * len * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/Synthesis.cpp:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hInputs[i][2 * -hLen], hist[i], hSize); data/osmo-trx-0.4.0/Transceiver52M/Synthesis.cpp:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hist[i], &hInputs[i][2 * (blockLen - hLen)], hSize); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:688:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_PACKET_LENGTH + 1]; data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:689:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char response[MAX_PACKET_LENGTH + 1]; data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:713:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP POWEROFF 0"); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:716:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP POWERON 1"); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:718:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP POWERON 0"); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:728:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP NOHANDOVER 1 %u %u", ts, ss); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:731:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP HANDOVER 0 %u %u", ts, ss); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:737:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP NOHANDOVER 1 %u %u", ts, ss); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:740:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP NOHANDOVER 0 %u %u", ts, ss); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:747:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETMAXDLY 0 %d",maxDelay); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:753:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETMAXDLYNB 0 %d",maxDelay); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:759:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETRXGAIN 0 %d",newGain); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:763:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP NOISELEV 0 %d", data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:767:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP NOISELEV 1 0"); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:774:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP SETPOWER 0 %d", power); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:781:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP ADJPOWER 0 %d", power); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:789:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP RXTUNE 1 %d",freqKhz); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:792:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP RXTUNE 0 %d",freqKhz); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:800:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP TXTUNE 1 %d",freqKhz); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:803:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP TXTUNE 0 %d",freqKhz); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:809:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response, "RSP SETTSC 1 %d", TSC); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:813:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETTSC 0 %d", TSC); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:822:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETSLOT 1 %d %d",timeslot,corrCode); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:827:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP SETSLOT 0 %d %d",timeslot,corrCode); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:834:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP _SETBURSTTODISKMASK 0 %d",mask); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:837:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(response,"RSP ERR 1"); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:846:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[EDGE_BURST_NBITS + 50]; data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:940:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char burstString[nbits + 10]; data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:1014:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[50]; data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:1016:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command,"IND CLOCK %llu",(unsigned long long) (mTransmitDeadlineClock.FN()+2)); data/osmo-trx-0.4.0/Transceiver52M/device/radioDevice.h:58:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(const std::string &args, int ref, bool swap_channels)=0; data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:216:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const std::string &args, int ref, bool swap_channels); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:604:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int major_val = atoi(major_str.c_str()); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:605:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int minor_val = atoi(minor_str.c_str()); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:654:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int uhd_device::open(const std::string &args, int ref, bool swap_channels) data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1477:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data + read_start, numBytes); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1482:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data + read_start, first_cp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1483:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) buf + first_cp, data, second_cp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1529:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + write_start, buf, numBytes); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1534:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + write_start, buf, first_cp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1535:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, (char*) buf + first_cp, second_cp); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:91:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int USRPDevice::open(const std::string &, int, bool) data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:445:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+cursorStart*2,tmpBuf+2,(currDataSize-cursorStart*2)*sizeof(short)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:446:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data,tmpBuf+2+(currDataSize/2-cursorStart),payloadSz-(currDataSize-cursorStart*2)*sizeof(short)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:449:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+cursorStart*2,tmpBuf+2,payloadSz); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:463:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,data+bufStart*2,len*2*sizeof(short)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:470:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,data+bufStart*2,firstLength*2*sizeof(short)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:472:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+firstLength*2,data,(len-firstLength)*2*sizeof(short)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:496:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,loopbackBuffer,sizeof(short)*2*numSamplesToRead); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(loopbackBuffer,loopbackBuffer+2*numSamplesToRead, data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:550:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt+2,buf+(numWritten/sizeof(short)),payloadLen); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(loopbackBuffer+loopbackBufferSize,buf,sizeof(short)*2*len); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.h:102:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const std::string &, int, bool); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:226:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:238:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.base_port = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:242:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.num_chans = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:266:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.tx_sps = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:270:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rx_sps = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:275:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rtsc = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:282:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.rach_delay = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:299:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trx->cfg.sched_rr = atoi(optarg); data/osmo-trx-0.4.0/Transceiver52M/osmo-trx.cpp:444:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). type = usrp->open(charp2str(trx->cfg.dev_args), trx->cfg.clock_ref, trx->cfg.swap_channels); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:85:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[2 * (writeIndex + hLen)], data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[2 * (writeIndex + hLen)], wr, len0 * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:121:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[2 * hLen], &wr[2 * len0], len1 * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:216:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd, &buffer[2 * readIndex], len * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd, &buffer[2 * readIndex], len0 * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:221:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rd[2 * len0], buffer, len1 * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/radioInterfaceMulti.cpp:278:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[2 * -hLen], history[lchan]->begin(), hSize); data/osmo-trx-0.4.0/Transceiver52M/radioInterfaceMulti.cpp:279:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(history[lchan]->begin(), &buf[2 * (cLen - hLen)], hSize); data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.cpp:1265:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_midMidamble->begin(), midMidamble->begin(), data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.cpp:1322:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_midamble->begin(), midamble->begin(), data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.cpp:1363:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_seq1->begin(), seq1->begin(), seq1->size() * sizeof(complex)); data/osmo-trx-0.4.0/Transceiver52M/sigProcLib.cpp:1460:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in.begin(), burst.begin(), DOWNSAMPLE_IN_LEN * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/signalVector.cpp:44:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mData, vector.mData, bytes()); data/osmo-trx-0.4.0/tests/CommonLibs/BitVectorTest.cpp:53:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ts[9] = "abcdefgh"; data/osmo-trx-0.4.0/tests/CommonLibs/SocketsTest.cpp:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_UDP_LENGTH] = { 0 }; data/osmo-trx-0.4.0/CommonLibs/BitVector.cpp:59:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). :Vector<char>(strlen(valString)) data/osmo-trx-0.4.0/CommonLibs/Interthread.h:97:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read() data/osmo-trx-0.4.0/CommonLibs/Interthread.h:120:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read(unsigned timeout) data/osmo-trx-0.4.0/CommonLibs/Interthread.h:204:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read() data/osmo-trx-0.4.0/CommonLibs/Interthread.h:227:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read(unsigned timeout) data/osmo-trx-0.4.0/CommonLibs/Interthread.h:317:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read() data/osmo-trx-0.4.0/CommonLibs/Interthread.h:334:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read(unsigned timeout) data/osmo-trx-0.4.0/CommonLibs/Interthread.h:518:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). D* read(const K &key, unsigned timeout) const data/osmo-trx-0.4.0/CommonLibs/Interthread.h:538:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). D* read(const K &key) const data/osmo-trx-0.4.0/CommonLibs/Interthread.h:623:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). T* read() data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:164:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length=strlen(message)+1; data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:170:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length=strlen(message)+1; data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:186:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length=strlen(message)+1; data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:190:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int DatagramSocket::read(char* buffer, size_t length) data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:203:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int DatagramSocket::read(char* buffer, size_t length, unsigned timeout) data/osmo-trx-0.4.0/CommonLibs/Sockets.cpp:217:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (FD_ISSET(mSocketFD,&fds)) return read(buffer, length); data/osmo-trx-0.4.0/CommonLibs/Sockets.h:111:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(char* buffer, size_t length); data/osmo-trx-0.4.0/CommonLibs/Sockets.h:119:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(char* buffer, size_t length, unsigned timeout); data/osmo-trx-0.4.0/CommonLibs/Timeval.h:37:30: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. inline void msleep(long v) { usleep(v*1000); } data/osmo-trx-0.4.0/Transceiver52M/ChannelizerBase.cpp:90:5: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. memalign(16, hLen * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/Resampler.cpp:61:29: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. part = (complex<float> *) memalign(16, filt_len * sizeof(complex<float>)); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:559:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). radioVector *radio_burst = mReceiveFIFO[chan]->read(); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:667:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cmd_len = strlen(cmd); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:694:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). msgLen = mCtrlSockets[chan]->read(buffer, MAX_PACKET_LENGTH); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:840:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mCtrlSockets[chan]->write(response, strlen(response) + 1); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:849:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t msgLen = mDataSockets[chan]->read(buffer, sizeof(buffer)); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:889:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100000); data/osmo-trx-0.4.0/Transceiver52M/Transceiver.cpp:1020:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mClockSocket.write(command, strlen(command) + 1); data/osmo-trx-0.4.0/Transceiver52M/arch/common/convolve_base.c:152:9: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. return memalign(16, len * 2 * sizeof(float)); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:165:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read(void *buf, size_t len, TIMESTAMP timestamp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:166:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read(void *buf, size_t len, uhd::time_spec_t timestamp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1014:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = rx_buffers[i]->read(bufs[i], len, timestamp); data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1454:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t smpl_buf::read(void *buf, size_t len, TIMESTAMP timestamp) data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1495:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t smpl_buf::read(void *buf, size_t len, uhd::time_spec_t ts) data/osmo-trx-0.4.0/Transceiver52M/device/uhd/UHDDevice.cpp:1497:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(buf, len, ts.to_ticks(clk_rt)); data/osmo-trx-0.4.0/Transceiver52M/device/usrp1/USRPDevice.cpp:397:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readLen = m_uRx->read((void *)readBuf,readLen,overrun); data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.cpp:202:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool RadioBuffer::read(float *rd, size_t len) data/osmo-trx-0.4.0/Transceiver52M/radioBuffer.h:37:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(float *rd, size_t len); data/osmo-trx-0.4.0/Transceiver52M/radioInterface.cpp:133:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). recvBuffer[chan]->read((float *) newVector->begin(), newVector->size()); data/osmo-trx-0.4.0/tests/CommonLibs/InterthreadTest.cpp:64:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int *p = gQ.read(); data/osmo-trx-0.4.0/tests/CommonLibs/InterthreadTest.cpp:96:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int *p = gMap.read(i); data/osmo-trx-0.4.0/tests/CommonLibs/SocketsTest.cpp:51:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int count = readSocket->read(buf, MAX_UDP_LENGTH); data/osmo-trx-0.4.0/tests/CommonLibs/TimevalTest.cpp:44:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/osmo-trx-0.4.0/tests/CommonLibs/TimevalTest.cpp:56:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(500000); ANALYSIS SUMMARY: Hits = 154 Lines analyzed = 16260 in approximately 0.41 seconds (39865 lines/second) Physical Source Lines of Code (SLOC) = 10341 Hits@level = [0] 60 [1] 44 [2] 103 [3] 6 [4] 1 [5] 0 Hits@level+ = [0+] 214 [1+] 154 [2+] 110 [3+] 7 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 20.6943 [1+] 14.8922 [2+] 10.6373 [3+] 0.676917 [4+] 0.0967024 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.