Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/speakup-3.1.6.dfsg.1/src/buffers.c
Examining data/speakup-3.1.6.dfsg.1/src/devsynth.c
Examining data/speakup-3.1.6.dfsg.1/src/fakekey.c
Examining data/speakup-3.1.6.dfsg.1/src/i18n.c
Examining data/speakup-3.1.6.dfsg.1/src/i18n.h
Examining data/speakup-3.1.6.dfsg.1/src/keyhelp.c
Examining data/speakup-3.1.6.dfsg.1/src/kobjects.c
Examining data/speakup-3.1.6.dfsg.1/src/main.c
Examining data/speakup-3.1.6.dfsg.1/src/selection.c
Examining data/speakup-3.1.6.dfsg.1/src/serialio.c
Examining data/speakup-3.1.6.dfsg.1/src/serialio.h
Examining data/speakup-3.1.6.dfsg.1/src/speakup.h
Examining data/speakup-3.1.6.dfsg.1/src/speakup_acnt.h
Examining data/speakup-3.1.6.dfsg.1/src/speakup_acntpc.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_acntsa.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_apollo.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_audptr.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_bns.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_decext.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_dectlk.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_dtlk.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_dtlk.h
Examining data/speakup-3.1.6.dfsg.1/src/speakup_dummy.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_keypc.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_ltlk.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_soft.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_spkout.c
Examining data/speakup-3.1.6.dfsg.1/src/speakup_txprt.c
Examining data/speakup-3.1.6.dfsg.1/src/speakupmap.h
Examining data/speakup-3.1.6.dfsg.1/src/spk_priv.h
Examining data/speakup-3.1.6.dfsg.1/src/spk_priv_keyinfo.h
Examining data/speakup-3.1.6.dfsg.1/src/spk_types.h
Examining data/speakup-3.1.6.dfsg.1/src/synth.c
Examining data/speakup-3.1.6.dfsg.1/src/thread.c
Examining data/speakup-3.1.6.dfsg.1/src/varhandlers.c
FINAL RESULTS:
data/speakup-3.1.6.dfsg.1/src/kobjects.c:369:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
rv = sprintf(buf, "%s\n", "none");
data/speakup-3.1.6.dfsg.1/src/kobjects.c:371:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
rv = sprintf(buf, "%s\n", synth->name);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:437:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cp += sprintf(cp, "Speakup version %s\n", SPEAKUP_VERSION);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:439:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cp += sprintf(cp, "%s synthesizer driver version %s\n",
data/speakup-3.1.6.dfsg.1/src/kobjects.c:576:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
rv = sprintf(buf, "Bad parameter %s, type %i\n",
data/speakup-3.1.6.dfsg.1/src/main.c:1793:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(info, sizeof(info), msg_get(MSG_WINDOW_LINE),
data/speakup-3.1.6.dfsg.1/src/main.c:1803:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(info, sizeof(info), msg_get(MSG_WINDOW_BOUNDARY),
data/speakup-3.1.6.dfsg.1/src/speakup_soft.c:164:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cp = cp + sprintf(cp, var->u.n.synth_fmt, var->u.n.value);
data/speakup-3.1.6.dfsg.1/src/synth.c:226:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
r = vsnprintf(buf, sizeof(buf), fmt, args);
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:239:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
l = sprintf(cp, var_data->u.n.synth_fmt, (int)val);
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:241:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
l = sprintf(cp, var_data->u.n.synth_fmt, var_data->u.n.out_str[val]);
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:261:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)var->p_val, var_data->u.s.default_val);
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:263:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)var->p_val, page);
data/speakup-3.1.6.dfsg.1/src/i18n.c:11:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *speakup_msgs[MSG_LAST_INDEX];
data/speakup-3.1.6.dfsg.1/src/i18n.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *speakup_default_msgs [MSG_LAST_INDEX] = {
data/speakup-3.1.6.dfsg.1/src/i18n.c:549:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, text, length);
data/speakup-3.1.6.dfsg.1/src/i18n.c:605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(speakup_msgs, speakup_default_msgs, sizeof(speakup_default_msgs));
data/speakup-3.1.6.dfsg.1/src/kobjects.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/speakup-3.1.6.dfsg.1/src/kobjects.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[MAX_DESC_LEN + 1];
data/speakup-3.1.6.dfsg.1/src/kobjects.c:237:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "%d, %d, %d,\n", KEY_MAP_VER, num_keys, nstates);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:244:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "%d,", (int)ch);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:248:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "0, %d\n", KEY_MAP_VER);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_buff, buf, count + 1);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_synth_name[10];
data/speakup-3.1.6.dfsg.1/src/kobjects.c:492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char punc_buf[100];
data/speakup-3.1.6.dfsg.1/src/kobjects.c:553:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rv = sprintf(buf, "%i\n", var->u.n.value);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:555:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rv = sprintf(buf, "0\n");
data/speakup-3.1.6.dfsg.1/src/kobjects.c:565:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp1 += sprintf(cp1, "\\""x%02x", ch);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:572:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rv = sprintf(buf, "\"\"\n");
data/speakup-3.1.6.dfsg.1/src/kobjects.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[160];
data/speakup-3.1.6.dfsg.1/src/main.c:77:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/speakup-3.1.6.dfsg.1/src/main.c:84:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_caps_start[MAXVARLEN+1] = "\0", str_caps_stop[MAXVARLEN+1] = "\0";
data/speakup-3.1.6.dfsg.1/src/main.c:132:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *characters[256];
data/speakup-3.1.6.dfsg.1/src/main.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *default_chars[256] = {
data/speakup-3.1.6.dfsg.1/src/main.c:812:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sentbufend[2];
data/speakup-3.1.6.dfsg.1/src/main.c:813:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sentmarks[2][10];
data/speakup-3.1.6.dfsg.1/src/main.c:816:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sentbuf[2][256];
data/speakup-3.1.6.dfsg.1/src/main.c:1172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp1, cp, key_data_len + 3);
data/speakup-3.1.6.dfsg.1/src/main.c:1229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(characters, default_chars, sizeof(default_chars));
data/speakup-3.1.6.dfsg.1/src/main.c:1234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(spk_chartab, default_chartab, sizeof(default_chartab));
data/speakup-3.1.6.dfsg.1/src/main.c:1749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_buf[32];
data/speakup-3.1.6.dfsg.1/src/main.c:1780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[40];
data/speakup-3.1.6.dfsg.1/src/speakup_audptr.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char synth_id[40] = "";
data/speakup-3.1.6.dfsg.1/src/speakup_dtlk.c:267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof(struct synth_settings) + 1];
data/speakup-3.1.6.dfsg.1/src/speakup_ltlk.c:144:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[50], rom_v[20];
data/speakup-3.1.6.dfsg.1/src/speakup_soft.c:154:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40];
data/speakup-3.1.6.dfsg.1/src/speakup_soft.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indbuf[5];
data/speakup-3.1.6.dfsg.1/src/spk_types.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char highbuf[8][COLOR_BUFFER_SIZE];
data/speakup-3.1.6.dfsg.1/src/synth.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pitch_buff[32] = "";
data/speakup-3.1.6.dfsg.1/src/synth.c:222:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[160], *p;
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nothing[2] = "\0";
data/speakup-3.1.6.dfsg.1/src/varhandlers.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/speakup-3.1.6.dfsg.1/src/kobjects.c:333:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:384:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:387:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_synth_name, buf, len);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:415:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:418:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, ptr, bytes);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:495:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(buf);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:512:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(punc_buf, buf, x);
data/speakup-3.1.6.dfsg.1/src/kobjects.c:628:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/speakup-3.1.6.dfsg.1/src/speakup_soft.c:167:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
cp = cp + sprintf(cp, "\n");
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 10026 in approximately 0.28 seconds (35648 lines/second)
Physical Source Lines of Code (SLOC) = 8258
Hits@level = [0] 5 [1] 9 [2] 39 [3] 0 [4] 13 [5] 0
Hits@level+ = [0+] 66 [1+] 61 [2+] 52 [3+] 13 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 7.99225 [1+] 7.38678 [2+] 6.29692 [3+] 1.57423 [4+] 1.57423 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.