Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_reinit.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod_grow.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_mllr.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_keyphrase.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_posterior.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_alignment.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdflat.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_state_align.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_simple.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ps.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdtree_bestpath.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_macros.h
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ptm_mgau.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_set_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict2pid.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_init.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lattice.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lm_read.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_nbest.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fsg.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_allphone.c
Examining data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fwdtree.c
Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_lattice.h
Examining data/pocketsphinx-0.8+5prealpha+1/include/pocketsphinx_export.h
Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/include/pocketsphinx.h
Examining data/pocketsphinx-0.8+5prealpha+1/include/cmdln_macro.h
Examining data/pocketsphinx-0.8+5prealpha+1/include/ps_mllr.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/livedemo.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s3types.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_lextree.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdflat.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_history.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tied_mgau_common.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_lextree.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/phone_loop_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_mllr.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice_internal.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search_internal.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/blkarray_list.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_mgau.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_alignment.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_history.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx_internal.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdtree.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdtree.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/allphone_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/allphone_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_alignment.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/state_align_search.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_mgau.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search_fwdflat.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/state_align_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/phone_loop_search.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/blkarray_list.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.h
Examining data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c
Examining data/pocketsphinx-0.8+5prealpha+1/src/programs/mdef_convert.c
FINAL RESULTS:
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:125:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bmdef->ciname[0], mdef->ciphone[0].name);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:129:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bmdef->ciname[i], mdef->ciphone[i].name);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:878:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", bin_mdef_ciphone_str(m, pid));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:880:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s %s %c",
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:53:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf sprintf_s
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:239:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(phones, dict_ciphone_str(dict, i, j));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:206:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", mdef_ciphone_str(m, pid));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:208:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s %s %c",
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:308:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((sscanf(lp, "%s%n", word, &wlen) != 1) || (strcmp(word, "N") != 0))
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:313:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) == 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:328:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:343:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:350:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:378:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:387:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:395:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:403:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((sscanf(lp, "%s%n", word, &wlen) != 1) || (word[1] != '\0'))
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:424:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(lp, "%s%n", word, &wlen) != 1)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:551:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((sscanf(buf, "%d %s", &n, tag) != 2) || (n < 0))
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:875:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(phones, dict_ciphone_str(dict, wid, j));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:35:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
TEST_EQUAL(0, system("diff -uw " MODELDIR "/en-us/cmudict-en-us.dict _cmu07a.dic"));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:84:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom srand
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:84:17: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom srand
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/vector.c:85:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:715:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uttid[16];
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:717:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uttid, "%09u", ps->uttno);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsenstr[64], logbasestr[64];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:354:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nsenstr, "%d", bin_mdef_n_sen(acmod->mdef));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:355:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logbasestr, "%f", logmath_get_base(acmod->lmath));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:541:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acmod->rawdata + acmod->rawdata_pos, *inout_raw, *inout_n_samps * sizeof(int16));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:644:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acmod->rawdata + acmod->rawdata_pos, prev_audio_inptr, processed_samples * sizeof(int16));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:681:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acmod->rawdata + acmod->rawdata_pos, prev_audio_inptr, processed_samples * sizeof(int16));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:819:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acmod->feat_buf[inptr][i],
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:838:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(val[i]) != bin_mdef_n_sen(acmod->mdef)) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/acmod.c:840:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
"match mdef (%d)\n", atoi(val[i]),
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:337:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fh = fopen(filename, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:527:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fh = fopen(filename, "wb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:614:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fh = fopen(filename, "w")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wordp->ciphone, p, np * sizeof(s3cipid_t));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:226:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fh = fopen(filename, "w")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:274:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(dictfile, "r")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:288:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen(fillerfile, "r")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:115:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d2p->rssid[b][l].ssid, tmpssid,
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:119:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d2p->rssid[b][l].cimap, tmpcimap,
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:175:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d2p->lrssid[b][l].ssid, tmpssid,
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict2pid.c:179:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d2p->lrssid[b][l].cimap, tmpcimap,
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1046:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, baseword, len);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/hmm.c:104:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hmm->senid, ctx->sseq[ssid], hmm->n_emit_state * sizeof(*hmm->senid));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:108:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, det->keyphrase, strlen(det->keyphrase));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:333:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((list_file = fopen(keyfile, "r")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:696:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&line[c], str, strlen(str));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:160:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__BIGSTACKVARIABLE__ char buf[4096];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:277:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__BIGSTACKVARIABLE__ char word[1024];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:322:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__BIGSTACKVARIABLE__ char word[1024], *lp;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:371:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__BIGSTACKVARIABLE__ char word[1024], *lp;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:476:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sseq[j], hash_entry_key(he), k);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:508:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__BIGSTACKVARIABLE__ char tag[1024], buf[1024];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:522:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(mdeffile, "r")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_gauden.c:129:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c:66:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ms_senone.c:151:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:586:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, dict_basestr(ps_search_dict(ngs), be->wid), len);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:78:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp = fopen(path, "rb");
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:90:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp = fopen(mdef, "rb");
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:936:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uttid[16];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:952:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uttid, "%09u", ps->uttno);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:971:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mfcfh = fopen(logfn, "wb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:984:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rawfh = fopen(logfn, "wb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:997:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((senfh = fopen(logfn, "wb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:220:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "w")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:280:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "w")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:316:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
altpron = atoi(c + 1);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:478:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[256];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:861:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, wstr, len);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:874:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, wstr, len);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1837:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, wstr, len);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_mllr.c:61:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(regmatfile, "r")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cur + 1, *cur, sizeof(**cur));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:440:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->f->topn[0][0], lastf->topn[0][0],
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:473:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:532:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_feat = atoi(line + strlen("feature_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:535:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_density = atoi(line + strlen("mixture_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:538:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_sen = atoi(line + strlen("model_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:541:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_clust = atoi(line + strlen("cluster_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:544:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_bits = atoi(line + strlen("cluster_bits "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:673:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:164:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur + 1, cur, sizeof(vqFeature_t));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:861:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->f[i], lastf[i], sizeof(vqFeature_t) * s->max_topn);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:888:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:901:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:960:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_feat = atoi(line + strlen("feature_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:963:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_density = atoi(line + strlen("mixture_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:966:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_sen = atoi(line + strlen("model_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:969:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_clust = atoi(line + strlen("cluster_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:972:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_bits = atoi(line + strlen("cluster_bits "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1101:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1209:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out[i] = atoi(c);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:1215:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out[i] = atoi(c);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/tmat.c:154:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "rb")) == NULL)
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:388:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infh = fopen(infile, "rb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:487:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(outfile, "w");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:615:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mllrfh = fopen(str, "r");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:622:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fsgfh = fopen(str, "r");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:629:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lmfh = fopen(str, "r");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:636:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hypfh = fopen(str, "w");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:644:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hypsegfh = fopen(str, "w");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:652:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctmfh = fopen(str, "w");
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:662:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *wptr[4];
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:721:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sf = atoi(wptr[1]);
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:723:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ef = atoi(wptr[2]);
data/pocketsphinx-0.8+5prealpha+1/src/programs/batch.c:814:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ctlfh = fopen(ctl, "r")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:156:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rawfd = fopen(fname, "rb")) == NULL) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:162:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char waveheader[44];
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod.c:70:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_acmod_grow.c:69:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_dict.c:55:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "word_%d", i);
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_fsg.c:31:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:41:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:59:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_jsgf.c:77:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lattice.c:115:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_lm_read.c:27:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_mllr.c:27:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_nbest.c:29:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_posterior.c:32:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ps.c:26:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_ptm_mgau.c:41:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:40:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:42:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(senfh = fopen("goforward.sen", "wb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_senfh.c:67:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(senfh = fopen("goforward.sen", "rb"));
data/pocketsphinx-0.8+5prealpha+1/test/unit/test_state_align.c:18:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TEST_ASSERT(rawfh = fopen(DATADIR "/goforward.raw", "rb"));
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:674:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hyp && strlen(hyp) > 0) {
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:707:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = gst_buffer_new_and_alloc(strlen(hyp) + 1);
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:708:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gst_buffer_fill(buffer, 0, hyp, strlen(hyp));
data/pocketsphinx-0.8+5prealpha+1/src/gst-plugin/gstpocketsphinx.c:709:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gst_buffer_fill(buffer, strlen(hyp), "\n", 1);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:123:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars += strlen(mdef->ciphone[i].name) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:128:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bmdef->ciname[i - 1] + strlen(bmdef->ciname[i - 1]) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:433:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m->ciname[i] = m->ciname[i - 1] + strlen(m->ciname[i - 1]) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:437:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m->ciname[i - 1] + strlen(m->ciname[i - 1]) + 1 - m->ciname[0];
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/bin_mdef.c:564:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(m->ciname[i], 1, strlen(m->ciname[i]) + 1, fh);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stralloc += strlen(d->word[w].word);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:236:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phlen += strlen(dict_ciphone_str(dict, i, j)) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:241:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(phones, " ");
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/dict.c:446:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(word);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1019:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(baseword) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/fsg_search.c:1044:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(baseword);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:95:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(det->keyphrase) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:108:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(c, det->keyphrase, strlen(det->keyphrase));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_detections.c:109:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(det->keyphrase);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:351:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(line) - 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:690:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(((kws_keyphrase_t *)gnode_ptr(gn))->word) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:696:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&line[c], str, strlen(str));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/kws_search.c:697:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(str);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/mdef.c:536:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, MODEL_DEF_VERSION, strlen(MODEL_DEF_VERSION)) != 0)
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:566:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(dict_basestr(ps_search_dict(ngs), be->wid)) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ngram_search.c:584:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dict_basestr(ps_search_dict(ngs), be->wid));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:872:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phlen += strlen(dict_ciphone_str(dict, wid, j)) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/pocketsphinx.c:877:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(phones, " ");
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:367:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(li->buf, param, strlen(param)) == 0
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:486:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(line->buf, "%d %255s %d %d %d", &seqid, wd, &sf, &fef,
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:842:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(wstr) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:848:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(wstr) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:859:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wstr);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:872:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wstr);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1820:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(wstr) + 1;
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ps_lattice.c:1835:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wstr);
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:531:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "feature_count ", strlen("feature_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:532:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_feat = atoi(line + strlen("feature_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:534:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "mixture_count ", strlen("mixture_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:535:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_density = atoi(line + strlen("mixture_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:537:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "model_count ", strlen("model_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:538:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_sen = atoi(line + strlen("model_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:540:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "cluster_count ", strlen("cluster_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:541:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_clust = atoi(line + strlen("cluster_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:543:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "cluster_bits ", strlen("cluster_bits "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/ptm_mgau.c:544:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_bits = atoi(line + strlen("cluster_bits "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:959:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "feature_count ", strlen("feature_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:960:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_feat = atoi(line + strlen("feature_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:962:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "mixture_count ", strlen("mixture_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:963:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_density = atoi(line + strlen("mixture_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:965:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "model_count ", strlen("model_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:966:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_sen = atoi(line + strlen("model_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:968:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "cluster_count ", strlen("cluster_count "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:969:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_clust = atoi(line + strlen("cluster_count "));
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:971:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "cluster_bits ", strlen("cluster_bits "))) {
data/pocketsphinx-0.8+5prealpha+1/src/libpocketsphinx/s2_semi_mgau.c:972:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_bits = atoi(line + strlen("cluster_bits "));
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:161:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".wav") == 0) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:161:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".wav") == 0) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:168:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".mp3") == 0) {
data/pocketsphinx-0.8+5prealpha+1/src/programs/continuous.c:168:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) > 4 && strcmp(fname + strlen(fname) - 4, ".mp3") == 0) {
ANALYSIS SUMMARY:
Hits = 192
Lines analyzed = 33744 in approximately 1.00 seconds (33587 lines/second)
Physical Source Lines of Code (SLOC) = 22154
Hits@level = [0] 255 [1] 59 [2] 109 [3] 3 [4] 21 [5] 0
Hits@level+ = [0+] 447 [1+] 192 [2+] 133 [3+] 24 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 20.1769 [1+] 8.66661 [2+] 6.00343 [3+] 1.08333 [4+] 0.94791 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.