Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiofifo.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiooutput.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/channelizer.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/dspcommands.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/dspengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftsengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftwengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/fftwindow.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/interpolator.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/kissengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/lowpass.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/movingaverage.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/nco.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/pidcontroller.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/scopevis.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/spectrumvis.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/dsp/inthalfbandfilter.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/aboutdialog.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/addpresetdialog.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/buttonswitch.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/channelwindow.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glscope.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glspectrum.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/glspectrumgui.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/indicator.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/physicalunit.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/pluginsdialog.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/preferencesdialog.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/presetitem.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scale.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scaleengine.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/scopewindow.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/gui/valuedial.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/mainwindow.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/plugin/pluginmanager.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/preferences.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/preset.h
Examining data/sdrangelove-0.0.1.20150707/include-gpl/settings/settings.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/channelmarker.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/dsptypes.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/kissfft.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplefifo.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplesink.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/samplesource/samplesource.h
Examining data/sdrangelove-0.0.1.20150707/include/dsp/threadedsamplesink.h
Examining data/sdrangelove-0.0.1.20150707/include/gui/basicchannelsettingswidget.h
Examining data/sdrangelove-0.0.1.20150707/include/gui/rollupwidget.h
Examining data/sdrangelove-0.0.1.20150707/include/plugin/pluginapi.h
Examining data/sdrangelove-0.0.1.20150707/include/plugin/plugingui.h
Examining data/sdrangelove-0.0.1.20150707/include/plugin/plugininterface.h
Examining data/sdrangelove-0.0.1.20150707/include/util/export.h
Examining data/sdrangelove-0.0.1.20150707/include/util/message.h
Examining data/sdrangelove-0.0.1.20150707/include/util/messagequeue.h
Examining data/sdrangelove-0.0.1.20150707/include/util/miniz.h
Examining data/sdrangelove-0.0.1.20150707/include/util/simpleserializer.h
Examining data/sdrangelove-0.0.1.20150707/include/util/spinlock.h
Examining data/sdrangelove-0.0.1.20150707/main.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemod.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemod.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemodgui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmdemodgui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/nfm/nfmplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrc.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrc.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcgui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcgui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tcpsrc/tcpsrcplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademodgui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademodgui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetraplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetraplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiogui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiogui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioinput.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioinput.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradioplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiothread.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/gnuradio/gnuradiothread.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrgui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrthread.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrthread.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrgui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrgui.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrgui.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.h
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrthread.cpp
Examining data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrthread.h
Examining data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/channelizer.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/channelmarker.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/dspcommands.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/dspengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftsengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftwengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/fftwindow.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/interpolator.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/inthalfbandfilter.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/kissengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/lowpass.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/movingaverage.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/nco.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/pidcontroller.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplefifo.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplesink.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/samplesource/samplesource.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/scopevis.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/spectrumvis.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/dsp/threadedsamplesink.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/aboutdialog.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/addpresetdialog.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/basicchannelsettingswidget.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/buttonswitch.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/channelwindow.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glscope.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glspectrum.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/glspectrumgui.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/indicator.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/pluginsdialog.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/preferencesdialog.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/presetitem.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scale.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scaleengine.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/scopewindow.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/valuedial.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/gui/rollupwidget.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/mainwindow.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/pluginapi.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/plugingui.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/plugininterface.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/plugin/pluginmanager.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/preferences.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/preset.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/settings/settings.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/message.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/messagequeue.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/simpleserializer.cpp
Examining data/sdrangelove-0.0.1.20150707/sdrbase/util/spinlock.cpp
FINAL RESULTS:
data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiooutput.h:61:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode);
data/sdrangelove-0.0.1.20150707/plugins/channel/tetra/tetrademod.cpp:96:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/tmp/tetra.iq", "wb");
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrinput.cpp:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrplugin.cpp:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/osmosdr/osmosdrupgrade.cpp:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[64];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrinput.cpp:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[256];
data/sdrangelove-0.0.1.20150707/plugins/samplesource/rtlsdr/rtlsdrplugin.cpp:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[256];
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_fifo + (m_tail * m_sampleSize), data, copyLen * m_sampleSize);
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, m_fifo + (m_head * m_sampleSize), copyLen * m_sampleSize);
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:96:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QIODevice::open(QIODevice::ReadOnly);
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:150:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool AudioOutput::open(OpenMode mode)
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:898:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16)==2 ? 1 : -1];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:899:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32)==4 ? 1 : -1];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:900:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64)==8 ? 1 : -1];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1246:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1326:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1915:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:1916:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2212:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2313:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2315:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2591:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2719:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8*)p->m_pBuf + p->m_size, pBuf, len); p->m_size = new_size;
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_buf.m_pBuf, pnghdr, 41);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2825:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(pFilename, pMode);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:2979:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8*)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); pStat->m_filename[n] = '\0';
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n); pStat->m_comment[n] = '\0';
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3377:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3943:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3991:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mz_uint64 cur_ofs = 0; char buf[4096]; MZ_CLEAR_OBJ(buf);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/sdrangelove-0.0.1.20150707/include-gpl/audio/audiofifo.h:34:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint read(quint8* data, uint numSamples, int timeout = INT_MAX);
data/sdrangelove-0.0.1.20150707/include/dsp/samplefifo.h:55:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint read(SampleVector::iterator begin, SampleVector::iterator end);
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiofifo.cpp:120:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint AudioFifo::read(quint8* data, uint numSamples, int timeout)
data/sdrangelove-0.0.1.20150707/sdrbase/audio/audiooutput.cpp:178:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint samples = (*it)->read((quint8*)data, framesPerBuffer, 1);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3417:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3439:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(pName); if (name_len > 0xFFFF) return -1;
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:3440:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment_len = pComment ? strlen(pComment) : 0; if (comment_len > 0xFFFF) return -1;
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4219:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/sdrangelove-0.0.1.20150707/sdrbase/util/miniz.cpp:4354:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
ANALYSIS SUMMARY:
Hits = 54
Lines analyzed = 23129 in approximately 0.52 seconds (44596 lines/second)
Physical Source Lines of Code (SLOC) = 17910
Hits@level = [0] 4 [1] 9 [2] 45 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 58 [1+] 54 [2+] 45 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.23841 [1+] 3.01508 [2+] 2.51256 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.