Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/quisk-4.1.66/quisk.c
Examining data/quisk-4.1.66/afedrinet/afedrinet_io.c
Examining data/quisk-4.1.66/extdemod.c
Examining data/quisk-4.1.66/filter.c
Examining data/quisk-4.1.66/filter.h
Examining data/quisk-4.1.66/filters.h
Examining data/quisk-4.1.66/freedv.c
Examining data/quisk-4.1.66/freedv.h
Examining data/quisk-4.1.66/import_quisk_api.c
Examining data/quisk-4.1.66/is_key_down.c
Examining data/quisk-4.1.66/microphone.c
Examining data/quisk-4.1.66/microphone.h
Examining data/quisk-4.1.66/perseuspkg/perseus.c
Examining data/quisk-4.1.66/quisk.h
Examining data/quisk-4.1.66/sdriqpkg/sdriq.c
Examining data/quisk-4.1.66/sdriqpkg/sdriq.h
Examining data/quisk-4.1.66/soapypkg/soapy.c
Examining data/quisk-4.1.66/sound.c
Examining data/quisk-4.1.66/sound_alsa.c
Examining data/quisk-4.1.66/sound_directx.c
Examining data/quisk-4.1.66/sound_io.c
Examining data/quisk-4.1.66/sound_portaudio.c
Examining data/quisk-4.1.66/sound_pulseaudio.c
Examining data/quisk-4.1.66/utility.c
Examining data/quisk-4.1.66/charleston/chas_rx2.c
Examining data/quisk-4.1.66/charleston/chas_rx2.h
FINAL RESULTS:
data/quisk-4.1.66/sound_alsa.c:531:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "*", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:536:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "S32 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:539:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "U32 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:542:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "S24 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:545:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "U24 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:549:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "*", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:554:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "S16 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:558:4: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "*", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:563:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "S24_3LE ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:566:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "U16 ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:569:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(dev->msg1, "*UNSUPPORTED", QUISK_SC_SIZE);
data/quisk-4.1.66/afedrinet/afedrinet_io.c:130:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Failed to connect to UDP %s port %u", ip, port);
data/quisk-4.1.66/afedrinet/afedrinet_io.c:133:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Capture from UDP %s port %u", ip, port);
data/quisk-4.1.66/perseuspkg/perseus.c:227:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf128, "error: %s\n", perseus_errorstr());
data/quisk-4.1.66/perseuspkg/perseus.c:235:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf128, "perseus c: firmware download error: %s", perseus_errorstr());
data/quisk-4.1.66/quisk.c:3857:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Failed to connect to UDP %s port 0x%X", ip, port);
data/quisk-4.1.66/quisk.c:3860:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Capture from UDP %s port 0x%X", ip, port);
data/quisk-4.1.66/freedv.c:42:30: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define GET_HANDLE1 hLib = LoadLibrary("libcodec2.dll")
data/quisk-4.1.66/freedv.c:43:30: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define GET_HANDLE2 hLib = LoadLibrary(".\\freedvpkg\\libcodec2.dll")
data/quisk-4.1.66/freedv.c:44:30: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define GET_HANDLE3 hLib = LoadLibrary(".\\freedvpkg\\libcodec2_32.dll")
data/quisk-4.1.66/freedv.c:45:30: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define GET_HANDLE4 hLib = LoadLibrary(".\\freedvpkg\\libcodec2_64.dll")
data/quisk-4.1.66/quisk.c:475:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
di = ((float)random() / RAND_MAX - 0.5) * noise;
data/quisk-4.1.66/quisk.c:476:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
dq = ((float)random() / RAND_MAX - 0.5) * noise;
data/quisk-4.1.66/afedrinet/afedrinet_io.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/quisk-4.1.66/afedrinet/afedrinet_io.c:107:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Failed to initialize Winsock (WSAStartup)");
data/quisk-4.1.66/afedrinet/afedrinet_io.c:146:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Failed to open socket");
data/quisk-4.1.66/afedrinet/afedrinet_io.c:184:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500]; // Maximum Ethernet is 1500 bytes.
data/quisk-4.1.66/afedrinet/afedrinet_io.c:258:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxr + 2, buf + index, 2);
data/quisk-4.1.66/afedrinet/afedrinet_io.c:260:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxi + 2, buf + index, 2);
data/quisk-4.1.66/afedrinet/afedrinet_io.c:264:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxr + 2, buf + index, 2);
data/quisk-4.1.66/afedrinet/afedrinet_io.c:266:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxi + 2, buf + index, 2);
data/quisk-4.1.66/charleston/chas_rx2.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sdr_name[NAME_SIZE]; // control item 1 (only used in this file 7 times)
data/quisk-4.1.66/charleston/chas_rx2.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sdr_serial[NAME_SIZE]; // item 2 (only used in this file five tmes)
data/quisk-4.1.66/charleston/chas_rx2.c:88:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/quisk-4.1.66/charleston/chas_rx2.c:113:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/quisk-4.1.66/charleston/chas_rx2.c:142:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/quisk-4.1.66/charleston/chas_rx2.c:479:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cdata[256];
data/quisk-4.1.66/charleston/chas_rx2.c:698:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sdr_name, "Charleston"); // Show that we are using a Charleston receiver
data/quisk-4.1.66/charleston/chas_rx2.c:699:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sdr_serial, "Rx1"); // and the type of Charleston receiver is Rx1
data/quisk-4.1.66/charleston/chas_rx2.c:848:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/quisk-4.1.66/charleston/chas_rx2.c:983:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/quisk-4.1.66/filter.c:121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->cBuf, cSamples, count * sizeof(complex double));
data/quisk-4.1.66/filter.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->dBuf, dSamples, count * sizeof(double));
data/quisk-4.1.66/filter.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->cBuf, cSamples, count * sizeof(complex double));
data/quisk-4.1.66/filter.c:415:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->dBuf, dsamples, count * sizeof(double));
data/quisk-4.1.66/filter.c:450:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->cBuf, cSamples, count * sizeof(complex double));
data/quisk-4.1.66/freedv.c:424:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char quisk_tx_msg[TX_MSG_SIZE];
data/quisk-4.1.66/freedv.c:442:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char quisk_rx_msg[RX_MSG_SIZE + 1];
data/quisk-4.1.66/is_key_down.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char port_name[QUISK_SC_SIZE]; // serial port name
data/quisk-4.1.66/is_key_down.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MSG_SIZE];
data/quisk-4.1.66/is_key_down.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MSG_SIZE];
data/quisk-4.1.66/is_key_down.c:173:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdComm = open(port_name, O_RDWR | O_NOCTTY);
data/quisk-4.1.66/microphone.c:898:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sendbuf[1032];
data/quisk-4.1.66/microphone.c:1624:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char delay_line[CW_DELAY_SAMPLES]; // play CW a fixed delay after the key
data/quisk-4.1.66/perseuspkg/perseus.c:140:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfd = open(fname, O_RDONLY|O_NONBLOCK);
data/quisk-4.1.66/perseuspkg/perseus.c:146:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wfd = open(fname, O_WRONLY|O_NONBLOCK);
data/quisk-4.1.66/perseuspkg/perseus.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf128[128] = "Capture Microtelecom Perseus HF receiver";
data/quisk-4.1.66/perseuspkg/perseus.c:220:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf128, "No Perseus receivers detected\n");
data/quisk-4.1.66/quisk.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fftw_wisdom_name[QUISK_SC_SIZE]; // wisdom patch provided by Eoin Mcloughlin, EI7HSB
data/quisk-4.1.66/quisk.c:196:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char quisk_pc_to_hermes[17 * 4]; // data to send from PC to Hermes hardware
data/quisk-4.1.66/quisk.c:197:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char quisk_hermeslite_writequeue[4 * 5]; // One-time writes to Hermes-Lite
data/quisk-4.1.66/quisk.c:200:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char quisk_hermes_to_pc[5 * 4]; // data received from the Hermes hardware
data/quisk-4.1.66/quisk.c:201:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char quisk_hermeslite_response[5]; // response from Hermes-Lite commands
data/quisk-4.1.66/quisk.c:280:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hWav->fp = fopen(file_name, "wb");
data/quisk-4.1.66/quisk.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5];
data/quisk-4.1.66/quisk.c:428:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hWav->fp = fopen(file_name, "rb");
data/quisk-4.1.66/quisk.c:1443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5];
data/quisk-4.1.66/quisk.c:1453:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wavFpSound = fopen(fname, "rb");
data/quisk-4.1.66/quisk.c:1489:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wavFpMic = fopen(fname, "rb");
data/quisk-4.1.66/quisk.c:1555:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1 + nbuf1, samp1, count1 * sizeof(double)); // add samples to buffer
data/quisk-4.1.66/quisk.c:1557:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2 + nbuf2, samp2, count2 * sizeof(double));
data/quisk-4.1.66/quisk.c:1565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(samp1, buf1, nout * sizeof(double)); // output samples
data/quisk-4.1.66/quisk.c:1568:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(samp2, buf2, nout * sizeof(double));
data/quisk-4.1.66/quisk.c:2316:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orig_cSamples, cSamples, nSamples * sizeof(complex double));
data/quisk-4.1.66/quisk.c:2544:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_cSamples, multirx_cSamples[multirx_play_channel], orig_nSamples * sizeof(complex double));
data/quisk-4.1.66/quisk.c:2886:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt_ii, buf, py_sample_rx_bytes);
data/quisk-4.1.66/quisk.c:2888:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt_qq, buf, py_sample_rx_bytes);
data/quisk-4.1.66/quisk.c:2951:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt_ii, buf, py_bscope_bytes);
data/quisk-4.1.66/quisk.c:2991:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cSamples, PySampleBuf, PySampleCount * sizeof(complex double));
data/quisk-4.1.66/quisk.c:3146:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/quisk-4.1.66/quisk.c:3190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500]; // Maximum Ethernet is 1500 bytes.
data/quisk-4.1.66/quisk.c:3283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxr + (4 - sample_bytes), buf + index, sample_bytes);
data/quisk-4.1.66/quisk.c:3285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxi + (4 - sample_bytes), buf + index, sample_bytes);
data/quisk-4.1.66/quisk.c:3289:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxr + (4 - sample_bytes), buf + index, sample_bytes);
data/quisk-4.1.66/quisk.c:3291:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxi + (4 - sample_bytes), buf + index, sample_bytes);
data/quisk-4.1.66/quisk.c:3329:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500];
data/quisk-4.1.66/quisk.c:3424:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500];
data/quisk-4.1.66/quisk.c:3628:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(multirx_fft_next_samples, multirx_fft_data[multirx_fft_next_index].samples, multirx_fft_width * sizeof(fftw_complex));
data/quisk-4.1.66/quisk.c:3639:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500]; // Maximum Ethernet is 1500 bytes.
data/quisk-4.1.66/quisk.c:3731:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxr + 1, buf + index, 3);
data/quisk-4.1.66/quisk.c:3733:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptxi + 1, buf + index, 3);
data/quisk-4.1.66/quisk.c:3807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/quisk-4.1.66/quisk.c:3830:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Failed to initialize Winsock (WSAStartup)");
data/quisk-4.1.66/quisk.c:3878:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Failed to open socket");
data/quisk-4.1.66/quisk.c:4000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[QUISK_SC_SIZE];
data/quisk-4.1.66/quisk.c:4111:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf32[32];
data/quisk-4.1.66/quisk.c:4123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf32[32];
data/quisk-4.1.66/quisk.c:4271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf98[98];
data/quisk-4.1.66/quisk.c:4854:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(watfall.red, red.buf, 256);
data/quisk-4.1.66/quisk.c:4855:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(watfall.green, green.buf, 256);
data/quisk-4.1.66/quisk.c:4856:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(watfall.blue, blue.buf, 256);
data/quisk-4.1.66/quisk.c:4935:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source, width);
data/quisk-4.1.66/quisk.c:4942:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + x, source, width - x);
data/quisk-4.1.66/quisk.c:4946:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source + x, width - x);
data/quisk-4.1.66/quisk.c:5105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer, cSamples, nSamples * sizeof(complex double)); // do not destroy cSamples
data/quisk-4.1.66/quisk.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[QUISK_SC_SIZE]; // the name of the device for display
data/quisk-4.1.66/quisk.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stream_description[QUISK_SC_SIZE]; // Short description of device/stream
data/quisk-4.1.66/quisk.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[QUISK_SC_SIZE]; // hardware device name
data/quisk-4.1.66/quisk.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg1[QUISK_SC_SIZE]; // string for information message
data/quisk-4.1.66/quisk.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_errmsg[QUISK_SC_SIZE]; // error message for device, or ""
data/quisk-4.1.66/quisk.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[IP_SIZE]; // server string for remote pulseaudio
data/quisk-4.1.66/quisk.h:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_capt_name[QUISK_SC_SIZE];
data/quisk-4.1.66/quisk.h:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_play_name[QUISK_SC_SIZE];
data/quisk-4.1.66/quisk.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg1[QUISK_SC_SIZE];
data/quisk-4.1.66/quisk.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[QUISK_SC_SIZE];
data/quisk-4.1.66/quisk.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mic_dev_name[QUISK_SC_SIZE]; // capture device
data/quisk-4.1.66/quisk.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_of_mic_play[QUISK_SC_SIZE]; // playback device
data/quisk-4.1.66/quisk.h:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mic_ip[IP_SIZE];
data/quisk-4.1.66/quisk.h:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IQ_server[IP_SIZE]; //IP address of optional streaming IQ server (pulseaudio)
data/quisk-4.1.66/quisk.h:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[QUISK_PATH_SIZE];
data/quisk-4.1.66/quisk.h:253:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char quisk_pc_to_hermes[17 * 4]; // Data to send from the PC to the Hermes hardware
data/quisk-4.1.66/quisk.h:254:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char quisk_hermeslite_writequeue[4 * 5]; // One-time writes to Hermes-Lite
data/quisk-4.1.66/quisk.h:396:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskGetConfigInt (*( int (*) (const char *, int) )Quisk_API[1])
data/quisk-4.1.66/quisk.h:397:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskGetConfigDouble (*( double (*) (const char *, double) )Quisk_API[2])
data/quisk-4.1.66/quisk.h:398:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskGetConfigString (*( char * (*) (const char *, char *) )Quisk_API[3])
data/quisk-4.1.66/quisk.h:398:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskGetConfigString (*( char * (*) (const char *, char *) )Quisk_API[3])
data/quisk-4.1.66/quisk.h:398:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskGetConfigString (*( char * (*) (const char *, char *) )Quisk_API[3])
data/quisk-4.1.66/quisk.h:401:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define QuiskPrintTime (*( void (*) (const char *, int) )Quisk_API[6])
data/quisk-4.1.66/sdriqpkg/sdriq.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sdr_name[NAME_SIZE]; // control item 1
data/quisk-4.1.66/sdriqpkg/sdriq.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sdr_serial[NAME_SIZE]; // item 2
data/quisk-4.1.66/sdriqpkg/sdriq.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64]; // message block header and control item and data
data/quisk-4.1.66/sdriqpkg/sdriq.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, params, nparams);
data/quisk-4.1.66/sdriqpkg/sdriq.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64]; // message block header and control item and data
data/quisk-4.1.66/sdriqpkg/sdriq.c:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, params, nparams);
data/quisk-4.1.66/sdriqpkg/sdriq.c:266:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf128[128];
data/quisk-4.1.66/sdriqpkg/sdriq.c:267:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[SDRIQ_BUF_SIZE];
data/quisk-4.1.66/sdriqpkg/sdriq.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/quisk-4.1.66/sdriqpkg/sdriq.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/quisk-4.1.66/sdriqpkg/sdriq.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/quisk-4.1.66/sdriqpkg/sdriq.c:640:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
quisk_sdriq_fd = open(name, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/quisk-4.1.66/sdriqpkg/sdriq.c:668:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1024[1024];
data/quisk-4.1.66/sdriqpkg/sdriq.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/quisk-4.1.66/soapypkg/soapy.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf128[128];
data/quisk-4.1.66/soapypkg/soapy.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg200[200];
data/quisk-4.1.66/sound.c:242:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wavfile->fp = fp = fopen(wavfile->file_name, "wb");
data/quisk-4.1.66/sound.c:325:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wavfile->fp = fp = fopen(wavfile->file_name, "wb");
data/quisk-4.1.66/sound.c:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/quisk-4.1.66/sound.c:569:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s, buf + i, 2);
data/quisk-4.1.66/sound.c:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radio_sound_ip[QUISK_SC_SIZE];
data/quisk-4.1.66/sound.c:1014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radio_sound_mic_ip[QUISK_SC_SIZE];
data/quisk-4.1.66/sound_alsa.c:23:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer3[3 * SAMP_BUFFER_SIZE]; // Buffer for 3-byte samples from sound
data/quisk-4.1.66/sound_alsa.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *)&ii + 1, bufs.buffer3 + (i + dev->channel_I) * 3, 3);
data/quisk-4.1.66/sound_alsa.c:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *)&qq + 1, bufs.buffer3 + (i + dev->channel_Q) * 3, 3);
data/quisk-4.1.66/sound_alsa.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + ch_I * bytes_per_sample, ptSample, bytes_per_sample);
data/quisk-4.1.66/sound_alsa.c:283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + ch_Q * bytes_per_sample, ptSample, bytes_per_sample);
data/quisk-4.1.66/sound_alsa.c:401:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufs.buffer3 + (i + playdev->channel_I) * 3, (unsigned char *)&ii, 3);
data/quisk-4.1.66/sound_alsa.c:402:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufs.buffer3 + (i + playdev->channel_Q) * 3, (unsigned char *)&qq, 3);
data/quisk-4.1.66/sound_alsa.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf100[100];
data/quisk-4.1.66/sound_alsa.c:452:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf100, "hw:%d", card);
data/quisk-4.1.66/sound_alsa.c:580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[QUISK_SC_SIZE];
data/quisk-4.1.66/sound_alsa.c:743:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[QUISK_SC_SIZE];
data/quisk-4.1.66/sound_alsa.c:990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[QUISK_SC_SIZE];
data/quisk-4.1.66/sound_directx.c:31:18: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int wstr_size = MultiByteToWideChar(CP_ACP, 0, txt, bytes_txt, NULL, 0);
data/quisk-4.1.66/sound_directx.c:33:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, 0, txt, bytes_txt, wstr, wstr_size + 1);
data/quisk-4.1.66/sound_io.c:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areas[ch_I].ptr, ptSamples, bytes_per_sample);
data/quisk-4.1.66/sound_io.c:168:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areas[ch_Q].ptr, ptSamples, bytes_per_sample);
data/quisk-4.1.66/sound_io.c:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areas[0].ptr, ptSamples, frames * bytes_per_frame);
data/quisk-4.1.66/sound_io.c:182:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areas[ch_I].ptr, ptSamples, bytes_per_sample);
data/quisk-4.1.66/sound_io.c:186:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areas[ch_Q].ptr, ptSamples, bytes_per_sample);
data/quisk-4.1.66/sound_io.c:273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptWrite, areas[0].ptr, frames * bytes_per_frame);
data/quisk-4.1.66/sound_io.c:277:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptWrite, areas[ch_I].ptr, bytes_per_sample);
data/quisk-4.1.66/sound_io.c:280:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptWrite, areas[ch_Q].ptr, bytes_per_sample);
data/quisk-4.1.66/sound_portaudio.c:225:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev->portaudio_index = i = atoi(dev->name + 10);
data/quisk-4.1.66/sound_portaudio.c:416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf100[100];
data/quisk-4.1.66/sound_pulseaudio.c:512:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fi, fbuffer + i + (dev->channel_I * 4), 4);
data/quisk-4.1.66/sound_pulseaudio.c:513:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fq, fbuffer + i + (dev->channel_Q * 4), 4);
data/quisk-4.1.66/sound_pulseaudio.c:527:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&si, fbuffer + i + (dev->channel_I * 2), 2);
data/quisk-4.1.66/sound_pulseaudio.c:528:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sq, fbuffer + i + (dev->channel_Q * 2), 2);
data/quisk-4.1.66/sound_pulseaudio.c:599:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fbuffer + i + (dev->channel_I * 4), &fi, 4);
data/quisk-4.1.66/sound_pulseaudio.c:600:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fbuffer + i + (dev->channel_Q * 4), &fq, 4);
data/quisk-4.1.66/sound_pulseaudio.c:609:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fbuffer + i + (dev->channel_I * 2), &ii, 2);
data/quisk-4.1.66/sound_pulseaudio.c:610:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fbuffer + i + (dev->channel_Q * 2), &qq, 2);
data/quisk-4.1.66/sound_pulseaudio.c:846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf300[300];
data/quisk-4.1.66/utility.c:77:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retbuf[QUISK_SC_SIZE];
data/quisk-4.1.66/charleston/chas_rx2.c:560:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/quisk-4.1.66/charleston/chas_rx2.c:621:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/quisk-4.1.66/charleston/chas_rx2.c:693:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Open Chas Rx1: ", bufsize); // Uh oh, could not open Chas Rx USB
data/quisk-4.1.66/charleston/chas_rx2.c:694:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, strerror(errno), bufsize);
data/quisk-4.1.66/charleston/chas_rx2.c:701:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000); // Charleston wait
data/quisk-4.1.66/charleston/chas_rx2.c:767:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000);
data/quisk-4.1.66/charleston/chas_rx2.c:794:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10); // just wait
data/quisk-4.1.66/charleston/chas_rx2.c:835:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/quisk-4.1.66/freedv.c:450:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(quisk_rx_msg) < RX_MSG_SIZE)
data/quisk-4.1.66/freedv.c:451:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(quisk_rx_msg, &ch, 1);
data/quisk-4.1.66/freedv.c:634:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_tx_msg, ptMsg, TX_MSG_SIZE);
data/quisk-4.1.66/is_key_down.c:31:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(port_name, port, QUISK_SC_SIZE);
data/quisk-4.1.66/perseuspkg/perseus.c:75:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(rfd, cSamples, sizeof(complex double)*SAMP_BUFFER_SIZE);
data/quisk-4.1.66/quisk.c:1394:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_rec_tmp.file_name, fname, QUISK_PATH_SIZE);
data/quisk-4.1.66/quisk.c:2710:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PyUnicode_DecodeUTF8(quisk_sound_state.msg1, strlen(quisk_sound_state.msg1), "replace"),
data/quisk-4.1.66/quisk.c:2712:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PyUnicode_DecodeUTF8(quisk_sound_state.err_msg, strlen(quisk_sound_state.err_msg), "replace"),
data/quisk-4.1.66/quisk.c:3915:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.mic_ip, mip, IP_SIZE);
data/quisk-4.1.66/quisk.c:3916:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.IQ_server, QuiskGetConfigString("IQ_Server_IP", ""), IP_SIZE);
data/quisk-4.1.66/quisk.c:5381:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fftw_wisdom_name, name, QUISK_SC_SIZE);
data/quisk-4.1.66/quisk.c:5406:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (quisk_sound_state.err_msg, CLOSED_TEXT, QUISK_SC_SIZE);
data/quisk-4.1.66/sdriqpkg/sdriq.c:125:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(quisk_sdriq_fd, buf, bufsize);
data/quisk-4.1.66/sdriqpkg/sdriq.c:152:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sdr_name, (char *)data, NAME_SIZE);
data/quisk-4.1.66/sdriqpkg/sdriq.c:156:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sdr_serial, (char *)data, NAME_SIZE);
data/quisk-4.1.66/sdriqpkg/sdriq.c:626:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Open SDR-IQ failed", bufsize);
data/quisk-4.1.66/sdriqpkg/sdriq.c:631:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Set Timeouts failed", bufsize);
data/quisk-4.1.66/sdriqpkg/sdriq.c:642:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "Open SDR-IQ : ", bufsize);
data/quisk-4.1.66/sdriqpkg/sdriq.c:643:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, strerror(errno), bufsize - strlen(buf) - 1);
data/quisk-4.1.66/sdriqpkg/sdriq.c:643:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, strerror(errno), bufsize - strlen(buf) - 1);
data/quisk-4.1.66/soapypkg/soapy.c:230:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen(name);
data/quisk-4.1.66/sound.c:401:85: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void quisk_sample_source(ty_sample_start start, ty_sample_stop stop, ty_sample_read read)
data/quisk-4.1.66/sound.c:405:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pt_sample_read = read;
data/quisk-4.1.66/sound.c:408:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void quisk_sample_source4(ty_sample_start start, ty_sample_stop stop, ty_sample_read read, ty_sample_write write)
data/quisk-4.1.66/sound.c:412:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pt_sample_read = read;
data/quisk-4.1.66/sound.c:982:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (quisk_sound_state.err_msg, CLOSED_TEXT, QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1021:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(radio_sound_ip, QuiskGetConfigString ("radio_sound_ip", ""), QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1022:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(radio_sound_mic_ip, QuiskGetConfigString ("radio_sound_mic_ip", ""), QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1104:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(PlaybackDevices[index]->name, description, QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1105:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(PlaybackDevices[index]->device_name, device_name, QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1109:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CaptureDevices[index]->name, description, QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1110:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CaptureDevices[index]->device_name, device_name, QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1152:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(Capture.stream_description, "I/Q Rx Sample Input", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1154:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(Playback.stream_description, "Radio Sound Output", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1156:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(MicCapture.stream_description, "Microphone Input", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1158:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(MicPlayback.stream_description, "I/Q Tx Sample Output", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(DigitalInput.stream_description, "External Digital Input", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1161:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(DigitalOutput.stream_description, "External Digital Output", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1162:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(RawSamplePlayback.stream_description, "Raw Digital Output", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1163:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(quisk_DigitalRx1Output.stream_description, "Digital Rx1 Output", QUISK_SC_SIZE);
data/quisk-4.1.66/sound.c:1218:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Capture.server, quisk_sound_state.IQ_server, IP_SIZE);
data/quisk-4.1.66/sound.c:1219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(MicPlayback.server, quisk_sound_state.IQ_server, IP_SIZE);
data/quisk-4.1.66/sound.c:1373:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PyUnicode_DecodeUTF8(dev->stream_description, strlen(dev->stream_description), "replace"),
data/quisk-4.1.66/sound.c:1374:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PyUnicode_DecodeUTF8(dev->name, strlen(dev->name), "replace"),
data/quisk-4.1.66/sound.c:1376:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PyUnicode_DecodeUTF8(dev->dev_errmsg, strlen(dev->dev_errmsg), "replace"));
data/quisk-4.1.66/sound.c:1413:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_rec_audio.file_name, name, QUISK_PATH_SIZE);
data/quisk-4.1.66/sound.c:1419:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_rec_samples.file_name, name, QUISK_PATH_SIZE);
data/quisk-4.1.66/sound.c:1425:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_rec_mic.file_name, name, QUISK_PATH_SIZE);
data/quisk-4.1.66/sound_alsa.c:528:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (dev->msg1, "Available formats: ", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:596:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, dev->name + 5, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:600:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, dev->device_name, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:613:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev->dev_errmsg, quisk_sound_state.err_msg, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:664:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.msg1, dev->msg1, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:665:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (quisk_sound_state.err_msg, "Quisk does not support your capture format.", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:668:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.msg1, dev->msg1, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:676:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(quisk_sound_state.err_msg, "Interleaved access is not available", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:759:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, dev->name + 5, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:763:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, dev->device_name, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:776:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev->dev_errmsg, quisk_sound_state.err_msg, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:837:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.msg1, dev->msg1, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_alsa.c:991:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, card_name + 5, QUISK_SC_SIZE);
data/quisk-4.1.66/sound_directx.c:27:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wstr_size = wcslen(txt);
data/quisk-4.1.66/sound_directx.c:30:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes_txt = strlen(txt);
data/quisk-4.1.66/sound_directx.c:50:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
py_substring = PyUnicode_DecodeUTF8(name, strlen(name), "replace");
data/quisk-4.1.66/sound_portaudio.c:221:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (dev->msg1, "Using default portaudio device", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_portaudio.c:270:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(quisk_sound_state.err_msg, "Capture and Play sample rates must be equal.", QUISK_SC_SIZE);
data/quisk-4.1.66/sound_portaudio.c:329:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(quisk_sound_state.err_msg, Pa_GetErrorText(error), QUISK_SC_SIZE);
data/quisk-4.1.66/sound_portaudio.c:375:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (quisk_sound_state.msg1, (*pCapture)->msg1, QUISK_SC_SIZE); // Primary capture device
data/quisk-4.1.66/sound_portaudio.c:390:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (quisk_sound_state.msg1, (*pPlayback)->msg1, QUISK_SC_SIZE);
data/quisk-4.1.66/utility.c:89:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(retbuf, PyString_AsString(pystr), QUISK_SC_SIZE);
ANALYSIS SUMMARY:
Hits = 262
Lines analyzed = 20041 in approximately 0.63 seconds (31696 lines/second)
Physical Source Lines of Code (SLOC) = 17473
Hits@level = [0] 570 [1] 78 [2] 161 [3] 6 [4] 6 [5] 11
Hits@level+ = [0+] 832 [1+] 262 [2+] 184 [3+] 23 [4+] 17 [5+] 11
Hits/KSLOC@level+ = [0+] 47.6163 [1+] 14.9946 [2+] 10.5305 [3+] 1.31632 [4+] 0.97293 [5+] 0.629543
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.