Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pd-iemlib-1.22.1/alias/any.c
Examining data/pd-iemlib-1.22.1/alias/for_pp.c
Examining data/pd-iemlib-1.22.1/alias/ii.c
Examining data/pd-iemlib-1.22.1/alias/pp.c
Examining data/pd-iemlib-1.22.1/alias/tm.c
Examining data/pd-iemlib-1.22.1/alias/unsym.c
Examining data/pd-iemlib-1.22.1/iem_mp3/src/iem_mp3.c
Examining data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c
Examining data/pd-iemlib-1.22.1/include/iemlib.h
Examining data/pd-iemlib-1.22.1/src/FIR~.c
Examining data/pd-iemlib-1.22.1/src/LFO_noise~.c
Examining data/pd-iemlib-1.22.1/src/add2_comma.c
Examining data/pd-iemlib-1.22.1/src/aspeedlim.c
Examining data/pd-iemlib-1.22.1/src/biquad_freq_resp.c
Examining data/pd-iemlib-1.22.1/src/bpe.c
Examining data/pd-iemlib-1.22.1/src/db2v.c
Examining data/pd-iemlib-1.22.1/src/dollarg.c
Examining data/pd-iemlib-1.22.1/src/exp_inc.c
Examining data/pd-iemlib-1.22.1/src/f2note.c
Examining data/pd-iemlib-1.22.1/src/fade~.c
Examining data/pd-iemlib-1.22.1/src/filter~.c
Examining data/pd-iemlib-1.22.1/src/float24.c
Examining data/pd-iemlib-1.22.1/src/for++.c
Examining data/pd-iemlib-1.22.1/src/gate.c
Examining data/pd-iemlib-1.22.1/src/hml_shelf~.c
Examining data/pd-iemlib-1.22.1/src/iem_alisttosym.c
Examining data/pd-iemlib-1.22.1/src/iem_anything.c
Examining data/pd-iemlib-1.22.1/src/iem_append.c
Examining data/pd-iemlib-1.22.1/src/iem_blocksize~.c
Examining data/pd-iemlib-1.22.1/src/iem_cot4~.c
Examining data/pd-iemlib-1.22.1/src/iem_delay~.c
Examining data/pd-iemlib-1.22.1/src/iem_i_route.c
Examining data/pd-iemlib-1.22.1/src/iem_pbank_csv.c
Examining data/pd-iemlib-1.22.1/src/iem_pow4~.c
Examining data/pd-iemlib-1.22.1/src/iem_prepend.c
Examining data/pd-iemlib-1.22.1/src/iem_receive.c
Examining data/pd-iemlib-1.22.1/src/iem_route.c
Examining data/pd-iemlib-1.22.1/src/iem_samplerate~.c
Examining data/pd-iemlib-1.22.1/src/iem_sel_any.c
Examining data/pd-iemlib-1.22.1/src/iem_send.c
Examining data/pd-iemlib-1.22.1/src/iem_sqrt4~.c
Examining data/pd-iemlib-1.22.1/src/iem_symtoalist.c
Examining data/pd-iemlib-1.22.1/src/iemlib.c
Examining data/pd-iemlib-1.22.1/src/init.c
Examining data/pd-iemlib-1.22.1/src/list2send.c
Examining data/pd-iemlib-1.22.1/src/lp1_t~.c
Examining data/pd-iemlib-1.22.1/src/m2f~.c
Examining data/pd-iemlib-1.22.1/src/mergefilename.c
Examining data/pd-iemlib-1.22.1/src/modulo_counter.c
Examining data/pd-iemlib-1.22.1/src/mov_avrg_kern~.c
Examining data/pd-iemlib-1.22.1/src/para_bp2~.c
Examining data/pd-iemlib-1.22.1/src/parentdollarzero.c
Examining data/pd-iemlib-1.22.1/src/peakenv_AR~.c
Examining data/pd-iemlib-1.22.1/src/peakenv_hold~.c
Examining data/pd-iemlib-1.22.1/src/peakenv~.c
Examining data/pd-iemlib-1.22.1/src/post_netreceive.c
Examining data/pd-iemlib-1.22.1/src/pre_inlet.c
Examining data/pd-iemlib-1.22.1/src/prepend_ascii.c
Examining data/pd-iemlib-1.22.1/src/protect_against_open.c
Examining data/pd-iemlib-1.22.1/src/prvu~.c
Examining data/pd-iemlib-1.22.1/src/pvu~.c
Examining data/pd-iemlib-1.22.1/src/receive2list.c
Examining data/pd-iemlib-1.22.1/src/round_zero.c
Examining data/pd-iemlib-1.22.1/src/rvu~.c
Examining data/pd-iemlib-1.22.1/src/sin_freq~.c
Examining data/pd-iemlib-1.22.1/src/sin_phase~.c
Examining data/pd-iemlib-1.22.1/src/soundfile_info.c
Examining data/pd-iemlib-1.22.1/src/sparse_FIR~.c
Examining data/pd-iemlib-1.22.1/src/speedlim.c
Examining data/pd-iemlib-1.22.1/src/split.c
Examining data/pd-iemlib-1.22.1/src/splitfilename.c
Examining data/pd-iemlib-1.22.1/src/stripfilename.c
Examining data/pd-iemlib-1.22.1/src/t3_bpe.c
Examining data/pd-iemlib-1.22.1/src/t3_delay.c
Examining data/pd-iemlib-1.22.1/src/t3_line~.c
Examining data/pd-iemlib-1.22.1/src/t3_metro.c
Examining data/pd-iemlib-1.22.1/src/t3_sig~.c
Examining data/pd-iemlib-1.22.1/src/t3_timer.c
Examining data/pd-iemlib-1.22.1/src/toggle_mess.c
Examining data/pd-iemlib-1.22.1/src/transf_fader.c
Examining data/pd-iemlib-1.22.1/src/unsymbol.c
Examining data/pd-iemlib-1.22.1/src/v2db.c
Examining data/pd-iemlib-1.22.1/src/vcf_filter~.c
Examining data/pd-iemlib-1.22.1/src/wrap.c
FINAL RESULTS:
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3392:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, str);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3398:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, str);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3402:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3404:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(completefilename, str);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3413:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->filename, completefilename);
data/pd-iemlib-1.22.1/src/float24.c:37:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, buf);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:77:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:82:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:86:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:88:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:397:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:402:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:406:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name);
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:408:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:108:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x->x_mem, av->a_w.w_symbol->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:124:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x->x_mem, flt_buf);
data/pd-iemlib-1.22.1/src/mergefilename.c:149:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x->x_mem, s->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:169:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x->x_mem, av->a_w.w_symbol->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:185:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x->x_mem, flt_buf);
data/pd-iemlib-1.22.1/src/protect_against_open.c:87:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, s_unique->s_name);
data/pd-iemlib-1.22.1/src/soundfile_info.c:250:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/soundfile_info.c:255:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/soundfile_info.c:259:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(completefilename, canvas_getdir(x->x_canvas)->s_name);
data/pd-iemlib-1.22.1/src/soundfile_info.c:261:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(completefilename, filename->s_name);
data/pd-iemlib-1.22.1/src/splitfilename.c:87:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->x_mem, s->s_name);
data/pd-iemlib-1.22.1/src/stripfilename.c:36:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->x_mem, s->s_name);
data/pd-iemlib-1.22.1/src/stripfilename.c:53:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->x_mem, s->s_name);
data/pd-iemlib-1.22.1/src/vcf_filter~.c:325:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->x_filtname, c);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:50:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
# define random rand
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:51:10: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
# define srandom srand
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:51:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
# define srandom srand
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:175:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bsspace[2][MAXFRAMESIZE+512]; /* MAXFRAMESIZE */
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:826:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iemmp3_wordpointer+len,mp->tail->pnt+mp->tail->pos,nlen);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nbuf->pnt,buf,size);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1640:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iemmp3_wordpointer,bsbufold+iemmp3_gmp->fsizeold-backstep,backstep);
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1648:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char slen[2][16] = {
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:1754:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stab[3][6][4] = {
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3374:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *modes[4] = { "Stereo", "Joint-Stereo", "Dual-Channel", "Single-Channel" };
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3375:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *layers[4] = { "Unknown" , "I", "II", "III" };
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completefilename[400];
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3407:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((x->fh = fopen(completefilename, "rb")) == NULL)
data/pd-iemlib-1.22.1/include/iemlib.h:177:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define iem_open open
data/pd-iemlib-1.22.1/include/iemlib.h:179:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define iem_fopen fopen
data/pd-iemlib-1.22.1/src/f2note.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/pd-iemlib-1.22.1/src/float24.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1000], buf[100];
data/pd-iemlib-1.22.1/src/float24.c:36:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%g", (float)atom_getfloatarg(i, argc, argv));
data/pd-iemlib-1.22.1/src/iem_alisttosym.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_string[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completefilename[MAXPDSTRING], eol[8], sep, mode[IEM_PBANK_MALLOC_SIZE], sfmt[IEM_PBANK_MALLOC_SIZE];
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formattext[100];
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:70:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mode, "br"); // default: blank-separator, return-eol, return depends on operating system
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:72:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(eol, ";\n");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:91:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(completefilename,"wb");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:126:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = BLANK; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:131:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = SEMICOLON; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:136:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = TABULATOR; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:143:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = BLANK-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:148:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = SEMICOLON-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:153:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = TABULATOR-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:158:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING+1], *bufp, *ebuf = buf+MAXPDSTRING;
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:291:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SETDOLLAR(ap, atoi(buf+1));
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completefilename[400], eol, sep, mode[4], *txbuf1, *txbuf2, *txvec_src, *txvec_dst;
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formattext[100], str_format[8];
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:390:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mode, "br"); // blank-separator, return-eol
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:411:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(completefilename,"rb");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:443:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = BLANK; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:448:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = SEMICOLON; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:453:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(formattext, "item-separator = TABULATOR; ");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:460:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = BLANK-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:465:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = SEMICOLON-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:470:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = TABULATOR-RETURN.");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:475:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formattext, "end_of_line_terminator = RETURN.");
data/pd-iemlib-1.22.1/src/iem_receive.c:58:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pd-iemlib-1.22.1/src/iem_receive.c:62:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloat(av));
data/pd-iemlib-1.22.1/src/iem_receive.c:142:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/pd-iemlib-1.22.1/src/iem_receive.c:144:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloat(av));
data/pd-iemlib-1.22.1/src/iem_sel_any.c:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/pd-iemlib-1.22.1/src/iem_sel_any.c:62:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloatarg(1, ac, av));
data/pd-iemlib-1.22.1/src/iem_sel_any.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/pd-iemlib-1.22.1/src/iem_sel_any.c:85:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloatarg(0, ac, av));
data/pd-iemlib-1.22.1/src/iem_send.c:95:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pd-iemlib-1.22.1/src/iem_send.c:97:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloat(av));
data/pd-iemlib-1.22.1/src/iem_send.c:127:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pd-iemlib-1.22.1/src/iem_send.c:129:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloat(av));
data/pd-iemlib-1.22.1/src/iem_symtoalist.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_string[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/iem_symtoalist.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[40];
data/pd-iemlib-1.22.1/src/iem_symtoalist.c:46:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%g", f);
data/pd-iemlib-1.22.1/src/list2send.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/pd-iemlib-1.22.1/src/list2send.c:190:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloatarg(1, ac, av));
data/pd-iemlib-1.22.1/src/mergefilename.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_sep[2];
data/pd-iemlib-1.22.1/src/mergefilename.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_mem[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/mergefilename.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flt_buf[30];
data/pd-iemlib-1.22.1/src/mergefilename.c:73:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(flt_buf, "%g", f);
data/pd-iemlib-1.22.1/src/mergefilename.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flt_buf[30];
data/pd-iemlib-1.22.1/src/mergefilename.c:114:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(flt_buf, "%g", av->a_w.w_float);
data/pd-iemlib-1.22.1/src/mergefilename.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flt_buf[30];
data/pd-iemlib-1.22.1/src/mergefilename.c:175:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(flt_buf, "%g", av->a_w.w_float);
data/pd-iemlib-1.22.1/src/pre_inlet.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/pd-iemlib-1.22.1/src/prepend_ascii.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/pd-iemlib-1.22.1/src/protect_against_open.c:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/pd-iemlib-1.22.1/src/protect_against_open.c:88:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "-quabla");
data/pd-iemlib-1.22.1/src/receive2list.c:77:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pd-iemlib-1.22.1/src/receive2list.c:81:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%g", atom_getfloat(av+1));
data/pd-iemlib-1.22.1/src/soundfile_info.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completefilename[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/soundfile_info.c:264:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(completefilename,"rb");
data/pd-iemlib-1.22.1/src/splitfilename.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_sep[2];
data/pd-iemlib-1.22.1/src/splitfilename.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_mem[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/stripfilename.c:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_mem[MAXPDSTRING];
data/pd-iemlib-1.22.1/src/vcf_filter~.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_filtname[6];
data/pd-iemlib-1.22.1/iem_mp3/src/mp3play~.c:3403:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(completefilename, "/");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:87:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(completefilename, "/");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:98:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(format->s_name) >= IEM_PBANK_FORMAT_SIZE)
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:407:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(completefilename, "/");
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:418:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(format->s_name) >= IEM_PBANK_FORMAT_SIZE)
data/pd-iemlib-1.22.1/src/iem_pbank_csv.c:420:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str_format, format->s_name, IEM_PBANK_FORMAT_SIZE);
data/pd-iemlib-1.22.1/src/iem_symtoalist.c:30:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n=strlen(string);
data/pd-iemlib-1.22.1/src/iem_symtoalist.c:47:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n=strlen(string);
data/pd-iemlib-1.22.1/src/mergefilename.c:34:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) == 1)
data/pd-iemlib-1.22.1/src/mergefilename.c:94:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, x->x_sep, 2);
data/pd-iemlib-1.22.1/src/mergefilename.c:99:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(av->a_w.w_symbol->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:102:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, av->a_w.w_symbol->s_name, MAXPDSTRING - 2 - accu_size);
data/pd-iemlib-1.22.1/src/mergefilename.c:115:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(flt_buf);
data/pd-iemlib-1.22.1/src/mergefilename.c:118:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, flt_buf, MAXPDSTRING - 2 - accu_size);
data/pd-iemlib-1.22.1/src/mergefilename.c:140:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(s->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:143:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, s->s_name, MAXPDSTRING - 2);
data/pd-iemlib-1.22.1/src/mergefilename.c:157:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, x->x_sep, 2);
data/pd-iemlib-1.22.1/src/mergefilename.c:160:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(av->a_w.w_symbol->s_name);
data/pd-iemlib-1.22.1/src/mergefilename.c:163:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, av->a_w.w_symbol->s_name, MAXPDSTRING - 2 - accu_size);
data/pd-iemlib-1.22.1/src/mergefilename.c:176:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(flt_buf);
data/pd-iemlib-1.22.1/src/mergefilename.c:179:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(x->x_mem, flt_buf, MAXPDSTRING - 2 - accu_size);
data/pd-iemlib-1.22.1/src/soundfile_info.c:260:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(completefilename, "/");
data/pd-iemlib-1.22.1/src/splitfilename.c:36:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) == 1)
data/pd-iemlib-1.22.1/src/splitfilename.c:72:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(s->s_name);
data/pd-iemlib-1.22.1/src/splitfilename.c:83:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2);
data/pd-iemlib-1.22.1/src/stripfilename.c:27:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s->s_name);
data/pd-iemlib-1.22.1/src/stripfilename.c:32:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2);
data/pd-iemlib-1.22.1/src/stripfilename.c:44:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s->s_name);
data/pd-iemlib-1.22.1/src/stripfilename.c:49:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(x->x_mem, s->s_name, MAXPDSTRING - 2);
ANALYSIS SUMMARY:
Hits = 138
Lines analyzed = 18153 in approximately 0.52 seconds (34892 lines/second)
Physical Source Lines of Code (SLOC) = 14960
Hits@level = [0] 16 [1] 29 [2] 78 [3] 3 [4] 28 [5] 0
Hits@level+ = [0+] 154 [1+] 138 [2+] 109 [3+] 31 [4+] 28 [5+] 0
Hits/KSLOC@level+ = [0+] 10.2941 [1+] 9.2246 [2+] 7.2861 [3+] 2.07219 [4+] 1.87166 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.