Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/soundtouch-2.1.2+ds1/include/BPMDetect.h
Examining data/soundtouch-2.1.2+ds1/include/FIFOSampleBuffer.h
Examining data/soundtouch-2.1.2+ds1/include/FIFOSamplePipe.h
Examining data/soundtouch-2.1.2+ds1/include/STTypes.h
Examining data/soundtouch-2.1.2+ds1/include/SoundTouch.h
Examining data/soundtouch-2.1.2+ds1/source/SoundStretch/RunParameters.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundStretch/RunParameters.h
Examining data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h
Examining data/soundtouch-2.1.2+ds1/source/SoundStretch/main.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/AAFilter.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/AAFilter.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/BPMDetect.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/FIFOSampleBuffer.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/FIRFilter.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/FIRFilter.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateCubic.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateCubic.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateLinear.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateLinear.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateShannon.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/InterpolateShannon.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/PeakFinder.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/PeakFinder.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/RateTransposer.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/RateTransposer.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/SoundTouch.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/TDStretch.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/TDStretch.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/cpu_detect.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/cpu_detect_x86.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/mmx_optimized.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouch/sse_optimized.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/DllTest/DllTest.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/SoundTouchDLL.cpp
Examining data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/SoundTouchDLL.h
Examining data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/resource.h
FINAL RESULTS:
data/soundtouch-2.1.2+ds1/source/SoundStretch/main.cpp:281:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, _helloText, SoundTouch::getVersionString());
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:175:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(fileName, "rb");
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:499:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[5];
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:514:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.format.fmt, fmtStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:559:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.fact.fact_field, factStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:597:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header.data.data_field, dataStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:709:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(fileName, "wb");
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:752:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header.riff.riff_char), riffStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:756:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header.riff.wave), waveStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:761:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header.format.fmt), fmtStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:773:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header.fact.fact_field), factStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header.data.data_field), dataStr, 4);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:878:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTemp, buffer, numElems * 2);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char riff_char[4];
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wave[4];
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[4];
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fact_field[4];
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_field[4];
data/soundtouch-2.1.2+ds1/source/SoundTouch/AAFilter.cpp:56:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fptr = fopen("aa_filter_coeffs.txt", "wt");
data/soundtouch-2.1.2+ds1/source/SoundTouch/BPMDetect.cpp:100:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fptr = fopen(name, "wt");
data/soundtouch-2.1.2+ds1/source/SoundTouch/BPMDetect.cpp:118:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fptr = fopen(name, "wt");
data/soundtouch-2.1.2+ds1/source/SoundTouch/BPMDetect.cpp:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(coeffs, lpf_coeffs, 5 * sizeof(double));
data/soundtouch-2.1.2+ds1/source/SoundTouch/FIFOSampleBuffer.cpp:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptrEnd(nSamples), samples, sizeof(SAMPLETYPE) * nSamples * channels);
data/soundtouch-2.1.2+ds1/source/SoundTouch/FIFOSampleBuffer.cpp:177:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, ptrBegin(), samplesInBuffer * channels * sizeof(SAMPLETYPE));
data/soundtouch-2.1.2+ds1/source/SoundTouch/FIFOSampleBuffer.cpp:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, ptrBegin(), channels * sizeof(SAMPLETYPE) * num);
data/soundtouch-2.1.2+ds1/source/SoundTouch/FIRFilter.cpp:245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filterCoeffs, coeffs, length * sizeof(SAMPLETYPE));
data/soundtouch-2.1.2+ds1/source/SoundTouch/TDStretch.cpp:713:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMidBuffer, inputBuffer.ptrBegin() + channels * (offset + temp),
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:263:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int WavInFile::read(unsigned char *buffer, int maxElems)
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:292:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int WavInFile::read(short *buffer, int maxElems)
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:307:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
numElems = read(temp, maxElems);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.cpp:356:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int WavInFile::read(float *buffer, int maxElems)
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:193:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(unsigned char *buffer, int maxElems);
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:200:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(short *buffer, ///< Pointer to buffer where to read data.
data/soundtouch-2.1.2+ds1/source/SoundStretch/WavFile.h:210:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(float *buffer, ///< Pointer to buffer where to read data.
data/soundtouch-2.1.2+ds1/source/SoundStretch/main.cpp:187:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num = inFile->read(sampleBuffer, BUFF_SIZE);
data/soundtouch-2.1.2+ds1/source/SoundStretch/main.cpp:241:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num = inFile->read(sampleBuffer, readSize);
data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/DllTest/DllTest.cpp:74:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = inFile.read(fbuffer, nmax * numChannels) / numChannels;
data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/DllTest/DllTest.cpp:95:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = inFile.read(i16buffer, nmax * numChannels) / numChannels;
data/soundtouch-2.1.2+ds1/source/SoundTouchDLL/SoundTouchDLL.cpp:126:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(versionString, SoundTouch::getVersionString(), bufferSize - 1);
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 10191 in approximately 0.22 seconds (46846 lines/second)
Physical Source Lines of Code (SLOC) = 5232
Hits@level = [0] 34 [1] 12 [2] 26 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 73 [1+] 39 [2+] 27 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 13.9526 [1+] 7.45413 [2+] 5.16055 [3+] 0.191131 [4+] 0.191131 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.