Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp
Examining data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.h
Examining data/python-pyo-1.0.3/embedded/m_pyo.h
Examining data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp
Examining data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.h
Examining data/python-pyo-1.0.3/embedded/puredata/pyo~.c
Examining data/python-pyo-1.0.3/externals/externalmodule-template.c
Examining data/python-pyo-1.0.3/externals/externalmodule-template.h
Examining data/python-pyo-1.0.3/include/ad_coreaudio.h
Examining data/python-pyo-1.0.3/include/ad_jack.h
Examining data/python-pyo-1.0.3/include/ad_portaudio.h
Examining data/python-pyo-1.0.3/include/dummymodule.h
Examining data/python-pyo-1.0.3/include/fft.h
Examining data/python-pyo-1.0.3/include/interpolation.h
Examining data/python-pyo-1.0.3/include/matrixmodule.h
Examining data/python-pyo-1.0.3/include/md_portmidi.h
Examining data/python-pyo-1.0.3/include/pvstreammodule.h
Examining data/python-pyo-1.0.3/include/py2to3.h
Examining data/python-pyo-1.0.3/include/pyomodule.h
Examining data/python-pyo-1.0.3/include/servermodule.h
Examining data/python-pyo-1.0.3/include/streammodule.h
Examining data/python-pyo-1.0.3/include/tablemodule.h
Examining data/python-pyo-1.0.3/include/vbap.h
Examining data/python-pyo-1.0.3/include/wind.h
Examining data/python-pyo-1.0.3/src/engine/ad_coreaudio.c
Examining data/python-pyo-1.0.3/src/engine/ad_jack.c
Examining data/python-pyo-1.0.3/src/engine/ad_portaudio.c
Examining data/python-pyo-1.0.3/src/engine/dummymodule.c
Examining data/python-pyo-1.0.3/src/engine/fft.c
Examining data/python-pyo-1.0.3/src/engine/inputfadermodule.c
Examining data/python-pyo-1.0.3/src/engine/interpolation.c
Examining data/python-pyo-1.0.3/src/engine/md_portmidi.c
Examining data/python-pyo-1.0.3/src/engine/midilistenermodule.c
Examining data/python-pyo-1.0.3/src/engine/mixmodule.c
Examining data/python-pyo-1.0.3/src/engine/osclistenermodule.c
Examining data/python-pyo-1.0.3/src/engine/pvstreammodule.c
Examining data/python-pyo-1.0.3/src/engine/pyomodule.c
Examining data/python-pyo-1.0.3/src/engine/servermodule.c
Examining data/python-pyo-1.0.3/src/engine/streammodule.c
Examining data/python-pyo-1.0.3/src/engine/vbap.c
Examining data/python-pyo-1.0.3/src/engine/wind.c
Examining data/python-pyo-1.0.3/src/objects/analysismodule.c
Examining data/python-pyo-1.0.3/src/objects/arithmeticmodule.c
Examining data/python-pyo-1.0.3/src/objects/chorusmodule.c
Examining data/python-pyo-1.0.3/src/objects/compressmodule.c
Examining data/python-pyo-1.0.3/src/objects/convolvemodule.c
Examining data/python-pyo-1.0.3/src/objects/delaymodule.c
Examining data/python-pyo-1.0.3/src/objects/distomodule.c
Examining data/python-pyo-1.0.3/src/objects/exprmodule.c
Examining data/python-pyo-1.0.3/src/objects/fadermodule.c
Examining data/python-pyo-1.0.3/src/objects/fftmodule.c
Examining data/python-pyo-1.0.3/src/objects/filtremodule.c
Examining data/python-pyo-1.0.3/src/objects/freeverbmodule.c
Examining data/python-pyo-1.0.3/src/objects/granulatormodule.c
Examining data/python-pyo-1.0.3/src/objects/harmonizermodule.c
Examining data/python-pyo-1.0.3/src/objects/hilbertmodule.c
Examining data/python-pyo-1.0.3/src/objects/hrtfmodule.c
Examining data/python-pyo-1.0.3/src/objects/inputmodule.c
Examining data/python-pyo-1.0.3/src/objects/lfomodule.c
Examining data/python-pyo-1.0.3/src/objects/matrixmodule.c
Examining data/python-pyo-1.0.3/src/objects/matrixprocessmodule.c
Examining data/python-pyo-1.0.3/src/objects/metromodule.c
Examining data/python-pyo-1.0.3/src/objects/midimodule.c
Examining data/python-pyo-1.0.3/src/objects/mmlmodule.c
Examining data/python-pyo-1.0.3/src/objects/noisemodule.c
Examining data/python-pyo-1.0.3/src/objects/oscbankmodule.c
Examining data/python-pyo-1.0.3/src/objects/oscilmodule.c
Examining data/python-pyo-1.0.3/src/objects/oscmodule.c
Examining data/python-pyo-1.0.3/src/objects/panmodule.c
Examining data/python-pyo-1.0.3/src/objects/patternmodule.c
Examining data/python-pyo-1.0.3/src/objects/phasevocmodule.c
Examining data/python-pyo-1.0.3/src/objects/randommodule.c
Examining data/python-pyo-1.0.3/src/objects/recordmodule.c
Examining data/python-pyo-1.0.3/src/objects/selectmodule.c
Examining data/python-pyo-1.0.3/src/objects/sfplayermodule.c
Examining data/python-pyo-1.0.3/src/objects/sigmodule.c
Examining data/python-pyo-1.0.3/src/objects/tablemodule.c
Examining data/python-pyo-1.0.3/src/objects/trigmodule.c
Examining data/python-pyo-1.0.3/src/objects/utilsmodule.c
Examining data/python-pyo-1.0.3/src/objects/wgverbmodule.c
Examining data/python-pyo-1.0.3/src/objects/bandsplitmodule.c

FINAL RESULTS:

data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:74:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pyoMsg, _msg);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:79:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pyoMsg, _msg.getCharPointer());
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:84:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=%f", name, value);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:90:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=%f", _name, value);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:96:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=[", name);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:99:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:108:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=[", _name);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:111:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:118:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=%f", name, value);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:124:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=%f", _name, value);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:130:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=[", name);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:133:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:142:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=[", _name);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:145:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/m_pyo.h:424:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "import os\n_isrel_ = True\n_ok_ = os.path.isfile('./%s')", file);
data/python-pyo-1.0.3/embedded/m_pyo.h:426:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "if not _ok_:\n _isrel_ = False\n _ok_ = os.path.isfile('%s')", file);
data/python-pyo-1.0.3/embedded/m_pyo.h:437:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "_badcode_ = False\ntry:\n exec(open('./%s').read())\nexcept:\n _badcode_ = True", file);
data/python-pyo-1.0.3/embedded/m_pyo.h:439:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "_badcode_ = False\ntry:\n exec(open('%s').read())\nexcept:\n _badcode_ = True", file);
data/python-pyo-1.0.3/embedded/m_pyo.h:486:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(msg, PY_STRING_AS_STRING(obj));
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:97:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=%f", name, value);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:124:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s.value=[", name);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:127:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:153:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=%f", name, value);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:180:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pyoMsg, "%s=[", name);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:183:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pyoMsg, fchar);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:205:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pyoMsg, _msg);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:121:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(x->msg, "%s%s=", c->s_name, att);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:128:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, atom_getsymbol(argv)->s_name);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:132:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, fchar);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:164:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(x->msg, "%s=%s(", varname, object);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:167:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, atom_getsymbol(argv)->s_name);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:171:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, fchar);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:229:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(x->msg, "%s(", atom_getsymbol(argv)->s_name);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:233:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, atom_getsymbol(argv)->s_name);
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:237:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(x->msg, fchar);
data/python-pyo-1.0.3/src/engine/ad_jack.c:436:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(self->serverName, jack_get_client_name(be_data->jack_client));
data/python-pyo-1.0.3/src/engine/ad_jack.c:615:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result, "%s_%d", name, i);
data/python-pyo-1.0.3/src/engine/ad_jack.c:662:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result, "%s_%d", name, i);
data/python-pyo-1.0.3/src/engine/servermodule.c:131:9: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer,format, args);
data/python-pyo-1.0.3/src/engine/servermodule.c:147:9: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer,format, args);
data/python-pyo-1.0.3/src/engine/servermodule.c:164:9: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer,format, args);
data/python-pyo-1.0.3/src/engine/servermodule.c:180:9: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer,format, args);
data/python-pyo-1.0.3/src/objects/patternmodule.c:370:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(self->curfname, "%s%i()\n", self->fname, inval);
data/python-pyo-1.0.3/src/objects/tablemodule.c:5535:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:98:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:110:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:132:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:140:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:144:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.h:225:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pyoMsg[262144];
data/python-pyo-1.0.3/embedded/m_pyo.h:68:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/python-pyo-1.0.3/embedded/m_pyo.h:99:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "_s_ = Server(%f, %d, %d, 1, 'embedded')", sr, chnls, bufsize);
data/python-pyo-1.0.3/embedded/m_pyo.h:334:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/python-pyo-1.0.3/embedded/m_pyo.h:337:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "_s_.setSamplingRate(%f)", sr);
data/python-pyo-1.0.3/embedded/m_pyo.h:339:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "_s_.setBufferSize(%d)", bufsize);
data/python-pyo-1.0.3/embedded/m_pyo.h:355:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/python-pyo-1.0.3/embedded/m_pyo.h:357:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "BPM = %f", bpm);
data/python-pyo-1.0.3/embedded/m_pyo.h:375:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/python-pyo-1.0.3/embedded/m_pyo.h:377:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "_s_.addMidiEvent(%d, %d, %d)", status, data1, data2);
data/python-pyo-1.0.3/embedded/m_pyo.h:477:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pp[26] = "_error_=None\ntry:\n ";
data/python-pyo-1.0.3/embedded/m_pyo.h:480:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, "\nexcept Exception, _e_:\n _error_=str(_e_)");
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:123:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:126:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:179:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:182:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f,", value[i]);
data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.h:30:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pyoMsg[262144];
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:118:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:131:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%.6f", atom_getfloat(argv));
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:157:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:170:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f", atom_getfloat(argv));
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fchar[32];
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:236:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fchar, "%f", atom_getfloat(argv));
data/python-pyo-1.0.3/embedded/puredata/pyo~.c:240:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(x->msg, ", ");
data/python-pyo-1.0.3/src/engine/ad_jack.c:390:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char client_name[32];
data/python-pyo-1.0.3/src/engine/ad_jack.c:391:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16];
data/python-pyo-1.0.3/src/engine/ad_jack.c:482:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(name, "input_%i", index + 1);
data/python-pyo-1.0.3/src/engine/ad_jack.c:504:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(name, "output_%i", index + 1);
data/python-pyo-1.0.3/src/engine/ad_jack.c:587:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[128];
data/python-pyo-1.0.3/src/engine/ad_jack.c:639:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[128];
data/python-pyo-1.0.3/src/engine/osclistenermodule.c:148:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/python-pyo-1.0.3/src/engine/osclistenermodule.c:163:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%i", self->oscport);
data/python-pyo-1.0.3/src/engine/pyomodule.c:323:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileformat[5];
data/python-pyo-1.0.3/src/engine/pyomodule.c:324:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sampletype[16];
data/python-pyo-1.0.3/src/engine/pyomodule.c:346:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "WAVE");
data/python-pyo-1.0.3/src/engine/pyomodule.c:348:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "AIFF");
data/python-pyo-1.0.3/src/engine/pyomodule.c:350:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "AU");
data/python-pyo-1.0.3/src/engine/pyomodule.c:352:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "RAW");
data/python-pyo-1.0.3/src/engine/pyomodule.c:354:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "SD2");
data/python-pyo-1.0.3/src/engine/pyomodule.c:356:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "FLAC");
data/python-pyo-1.0.3/src/engine/pyomodule.c:358:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "CAF");
data/python-pyo-1.0.3/src/engine/pyomodule.c:360:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "OGG");
data/python-pyo-1.0.3/src/engine/pyomodule.c:362:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "RF64");
data/python-pyo-1.0.3/src/engine/pyomodule.c:364:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(fileformat, "????");
data/python-pyo-1.0.3/src/engine/pyomodule.c:368:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sampletype, "s8 bit int");
data/python-pyo-1.0.3/src/engine/pyomodule.c:370:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sampletype, "u8 bit int");
data/python-pyo-1.0.3/src/engine/pyomodule.c:372:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(sampletype, "16 bit int"); data/python-pyo-1.0.3/src/engine/pyomodule.c:374:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "24 bit int"); data/python-pyo-1.0.3/src/engine/pyomodule.c:376:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "32 bit int"); data/python-pyo-1.0.3/src/engine/pyomodule.c:378:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "32 bit float"); data/python-pyo-1.0.3/src/engine/pyomodule.c:380:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "64 bit float"); data/python-pyo-1.0.3/src/engine/pyomodule.c:382:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "U-Law encoded"); data/python-pyo-1.0.3/src/engine/pyomodule.c:384:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sampletype, "A-Law encoded"); data/python-pyo-1.0.3/src/engine/pyomodule.c:386:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "vorbis encoding"); data/python-pyo-1.0.3/src/engine/pyomodule.c:388:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sampletype, "Unknown..."); data/python-pyo-1.0.3/src/engine/servermodule.c:128:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/python-pyo-1.0.3/src/engine/servermodule.c:144:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/python-pyo-1.0.3/src/engine/servermodule.c:161:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/python-pyo-1.0.3/src/engine/servermodule.c:177:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/python-pyo-1.0.3/src/engine/servermodule.c:2119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[32]; data/python-pyo-1.0.3/src/engine/servermodule.c:2120:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(address, "%p", &self->input_buffer[0]); data/python-pyo-1.0.3/src/engine/servermodule.c:2128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[32]; data/python-pyo-1.0.3/src/engine/servermodule.c:2129:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(address, "%p", &self->output_buffer[0]); data/python-pyo-1.0.3/src/engine/servermodule.c:2142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[32]; data/python-pyo-1.0.3/src/engine/servermodule.c:2143:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(address, "%p", &my_server[self->thisServerID]); data/python-pyo-1.0.3/src/engine/servermodule.c:2166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[32]; data/python-pyo-1.0.3/src/engine/servermodule.c:2167:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(address, "%p", &Server_embedded_i_startIdx); data/python-pyo-1.0.3/src/engine/servermodule.c:2177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curtime[36]; data/python-pyo-1.0.3/src/engine/servermodule.c:2186:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(curtime, "%02d : %02d : %02d : %03d", hours, minutes, seconds, milliseconds); data/python-pyo-1.0.3/src/engine/vbap.c:697:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[10000]; data/python-pyo-1.0.3/src/engine/vbap.c:702:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen(filename, "r")) == NULL) { data/python-pyo-1.0.3/src/engine/vbap.c:1078:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[10000]; data/python-pyo-1.0.3/src/engine/vbap.c:1088:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) { data/python-pyo-1.0.3/src/objects/matrixmodule.c:354:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matrix[self->width*self->height*3]; data/python-pyo-1.0.3/src/objects/mmlmodule.c:145:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[128]; data/python-pyo-1.0.3/src/objects/mmlmodule.c:146:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", value); data/python-pyo-1.0.3/src/objects/oscmodule.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[20]; data/python-pyo-1.0.3/src/objects/oscmodule.c:129:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i", self->port); data/python-pyo-1.0.3/src/objects/oscmodule.c:634:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/python-pyo-1.0.3/src/objects/oscmodule.c:635:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i", self->port); data/python-pyo-1.0.3/src/objects/oscmodule.c:874:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/python-pyo-1.0.3/src/objects/oscmodule.c:875:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i", self->port); data/python-pyo-1.0.3/src/objects/oscmodule.c:1128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/python-pyo-1.0.3/src/objects/oscmodule.c:1129:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buf, "%i", self->port); data/python-pyo-1.0.3/src/objects/oscmodule.c:1335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/python-pyo-1.0.3/src/objects/oscmodule.c:1336:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i", self->port); data/python-pyo-1.0.3/src/objects/patternmodule.c:357:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curfname[100]; data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:101:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:113:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:135:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/juceplugin/PyoClass.cpp:147:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/m_pyo.h:478:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(msg + strlen(pp), msg, strlen(msg)+1); data/python-pyo-1.0.3/embedded/m_pyo.h:478:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(msg + strlen(pp), msg, strlen(msg)+1); data/python-pyo-1.0.3/embedded/m_pyo.h:479:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(msg, pp, strlen(pp)); data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:129:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/openframeworks/PyoClass.cpp:185:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(pyoMsg, "]"); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:123:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(x->msg, "["); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:135:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(x->msg, ","); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:139:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(x->msg, "]"); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:174:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(x->msg, ","); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:177:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(x->msg, ")"); data/python-pyo-1.0.3/embedded/puredata/pyo~.c:243:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(x->msg, ")"); data/python-pyo-1.0.3/src/engine/ad_jack.c:405:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(client_name, self->serverName, 32); data/python-pyo-1.0.3/src/engine/servermodule.c:725:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(self->serverName, serverName, 32); data/python-pyo-1.0.3/src/engine/servermodule.c:726:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(serverName) > 31) { data/python-pyo-1.0.3/src/objects/oscmodule.c:868:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). self->num_items = strlen(self->types); ANALYSIS SUMMARY: Hits = 158 Lines analyzed = 149203 in approximately 3.95 seconds (37743 lines/second) Physical Source Lines of Code (SLOC) = 128046 Hits@level = [0] 12 [1] 19 [2] 95 [3] 1 [4] 43 [5] 0 Hits@level+ = [0+] 170 [1+] 158 [2+] 139 [3+] 44 [4+] 43 [5+] 0 Hits/KSLOC@level+ = [0+] 1.32765 [1+] 1.23393 [2+] 1.08555 [3+] 0.343627 [4+] 0.335817 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.