Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/svox-1.0+git20130326/pico/compat/include/TtsEngine.h Examining data/svox-1.0+git20130326/pico/compat/jni/tts.h Examining data/svox-1.0+git20130326/pico/compat/jni/com_android_tts_compat_SynthProxy.cpp Examining data/svox-1.0+git20130326/pico/lib/picoacph.h Examining data/svox-1.0+git20130326/pico/lib/picoapi.h Examining data/svox-1.0+git20130326/pico/lib/picoapid.h Examining data/svox-1.0+git20130326/pico/lib/picobase.c Examining data/svox-1.0+git20130326/pico/lib/picobase.h Examining data/svox-1.0+git20130326/pico/lib/picocep.h Examining data/svox-1.0+git20130326/pico/lib/picoctrl.h Examining data/svox-1.0+git20130326/pico/lib/picodata.h Examining data/svox-1.0+git20130326/pico/lib/picodbg.c Examining data/svox-1.0+git20130326/pico/lib/picodbg.h Examining data/svox-1.0+git20130326/pico/lib/picodefs.h Examining data/svox-1.0+git20130326/pico/lib/picodsp.h Examining data/svox-1.0+git20130326/pico/lib/picoextapi.c Examining data/svox-1.0+git20130326/pico/lib/picoextapi.h Examining data/svox-1.0+git20130326/pico/lib/picofftsg.c Examining data/svox-1.0+git20130326/pico/lib/picofftsg.h Examining data/svox-1.0+git20130326/pico/lib/picokdbg.c Examining data/svox-1.0+git20130326/pico/lib/picokdbg.h Examining data/svox-1.0+git20130326/pico/lib/picokdt.h Examining data/svox-1.0+git20130326/pico/lib/picokfst.c Examining data/svox-1.0+git20130326/pico/lib/picokfst.h Examining data/svox-1.0+git20130326/pico/lib/picoklex.c Examining data/svox-1.0+git20130326/pico/lib/picoklex.h Examining data/svox-1.0+git20130326/pico/lib/picoknow.c Examining data/svox-1.0+git20130326/pico/lib/picoknow.h Examining data/svox-1.0+git20130326/pico/lib/picokpdf.c Examining data/svox-1.0+git20130326/pico/lib/picokpdf.h Examining data/svox-1.0+git20130326/pico/lib/picokpr.h Examining data/svox-1.0+git20130326/pico/lib/picoktab.c Examining 
data/svox-1.0+git20130326/pico/lib/picoktab.h Examining data/svox-1.0+git20130326/pico/lib/picoos.c Examining data/svox-1.0+git20130326/pico/lib/picoos.h Examining data/svox-1.0+git20130326/pico/lib/picopal.c Examining data/svox-1.0+git20130326/pico/lib/picopam.c Examining data/svox-1.0+git20130326/pico/lib/picopam.h Examining data/svox-1.0+git20130326/pico/lib/picopr.h Examining data/svox-1.0+git20130326/pico/lib/picorsrc.h Examining data/svox-1.0+git20130326/pico/lib/picosa.c Examining data/svox-1.0+git20130326/pico/lib/picosa.h Examining data/svox-1.0+git20130326/pico/lib/picosig.h Examining data/svox-1.0+git20130326/pico/lib/picosig2.h Examining data/svox-1.0+git20130326/pico/lib/picospho.c Examining data/svox-1.0+git20130326/pico/lib/picospho.h Examining data/svox-1.0+git20130326/pico/lib/picotok.h Examining data/svox-1.0+git20130326/pico/lib/picotrns.c Examining data/svox-1.0+git20130326/pico/lib/picotrns.h Examining data/svox-1.0+git20130326/pico/lib/picowa.c Examining data/svox-1.0+git20130326/pico/lib/picowa.h Examining data/svox-1.0+git20130326/pico/lib/picoapi.c Examining data/svox-1.0+git20130326/pico/lib/picoctrl.c Examining data/svox-1.0+git20130326/pico/lib/picopr.c Examining data/svox-1.0+git20130326/pico/lib/picorsrc.c Examining data/svox-1.0+git20130326/pico/lib/picopal.h Examining data/svox-1.0+git20130326/pico/lib/picopltf.h Examining data/svox-1.0+git20130326/pico/lib/picosig.c Examining data/svox-1.0+git20130326/pico/lib/picotok.c Examining data/svox-1.0+git20130326/pico/lib/picocep.c Examining data/svox-1.0+git20130326/pico/lib/picokpr.c Examining data/svox-1.0+git20130326/pico/lib/picosig2.c Examining data/svox-1.0+git20130326/pico/lib/picoacph.c Examining data/svox-1.0+git20130326/pico/lib/picokdt.c Examining data/svox-1.0+git20130326/pico/lib/picodata.c Examining data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp Examining data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp Examining 
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.h Examining data/svox-1.0+git20130326/pico/bin/pico2wave.c FINAL RESULTS: data/svox-1.0+git20130326/pico/bin/pico2wave.c:198:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoTaFileName, PICO_LINGWARE_PATH); data/svox-1.0+git20130326/pico/bin/pico2wave.c:199:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]); data/svox-1.0+git20130326/pico/bin/pico2wave.c:208:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoSgFileName, PICO_LINGWARE_PATH); data/svox-1.0+git20130326/pico/bin/pico2wave.c:209:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]); data/svox-1.0+git20130326/pico/lib/picoapi.c:54:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int is_valid_system_handle(pico_System system) data/svox-1.0+git20130326/pico/lib/picoapi.c:56:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
return (system != NULL) && CHECK_MAGIC_NUMBER(system); data/svox-1.0+git20130326/pico/lib/picoapi.c:56:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (system != NULL) && CHECK_MAGIC_NUMBER(system); data/svox-1.0+git20130326/pico/lib/picoapi.c:76:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System *system data/svox-1.0+git20130326/pico/lib/picoapi.c:128:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system != NULL) { data/svox-1.0+git20130326/pico/lib/picoapi.c:148:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System *system data/svox-1.0+git20130326/pico/lib/picoapi.c:151:72: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return pico_initialize_priv(memory, size, /*enableMemProt*/ FALSE, system); data/svox-1.0+git20130326/pico/lib/picoapi.c:162:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System *system data/svox-1.0+git20130326/pico/lib/picoapi.c:167:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
if ((system == NULL) || !is_valid_system_handle(*system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:170:28: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System sys = *system; data/svox-1.0+git20130326/pico/lib/picoapi.c:202:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:209:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:242:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:248:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:274:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:282:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:314:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:321:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:347:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:353:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:383:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:387:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:408:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:414:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:439:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:446:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:474:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:480:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:509:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:518:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.c:555:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.c:561:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoapi.h:225:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System *system data/svox-1.0+git20130326/pico/lib/picoapi.h:237:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:247:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:259:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:280:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:292:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:302:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:317:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:328:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:339:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:352:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapi.h:363:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoapid.h:59:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern int is_valid_system_handle(pico_System system); data/svox-1.0+git20130326/pico/lib/picodbg.c:266:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(logFilterFN, PICODBG_DEFAULT_FILTERFN); data/svox-1.0+git20130326/pico/lib/picodbg.c:294:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(logFilterFN, name); data/svox-1.0+git20130326/pico/lib/picodbg.c:331:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len = vsprintf(msgbuf, format, argptr); data/svox-1.0+git20130326/pico/lib/picodbg.c:352:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, "error" MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:355:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, "warn " MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:358:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, "info " MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:361:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, "debug" MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:364:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(ctxbuf, "trace" MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:377:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cb, "%-10s", picodbg_fileTitle(file)); data/svox-1.0+git20130326/pico/lib/picodbg.c:378:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, cb); data/svox-1.0+git20130326/pico/lib/picodbg.c:381:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, cb); data/svox-1.0+git20130326/pico/lib/picodbg.c:383:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picodbg.c:387:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cb, "%-18s", func); data/svox-1.0+git20130326/pico/lib/picodbg.c:388:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, cb); data/svox-1.0+git20130326/pico/lib/picodbg.c:389:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ctxbuf, MSG_DELIM); data/svox-1.0+git20130326/pico/lib/picoextapi.c:52:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. pico_System *system); data/svox-1.0+git20130326/pico/lib/picoextapi.c:89:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.c:93:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (NULL == system) { data/svox-1.0+git20130326/pico/lib/picoextapi.c:108:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.c:113:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (NULL == system) { data/svox-1.0+git20130326/pico/lib/picoextapi.c:123:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.c:127:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (NULL == system) { data/svox-1.0+git20130326/pico/lib/picoextapi.c:162:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.c:171:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!is_valid_system_handle(system)) { data/svox-1.0+git20130326/pico/lib/picoextapi.c:176:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. picoos_Common common = pico_sysGetCommon(system); data/svox-1.0+git20130326/pico/lib/picoextapi.h:111:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.h:119:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.h:127:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picoextapi.h:135:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pico_System system, data/svox-1.0+git20130326/pico/lib/picopal.c:124:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
return (picopal_char *)strcpy((char *)d, (const char *)s); data/svox-1.0+git20130326/pico/lib/picopal.c:128:26: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). return (picopal_char *)strcat((char *)dest, (const char *)src); data/svox-1.0+git20130326/pico/lib/picopal.c:170:24: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. i = (picopal_int16)vsprintf((char *) dst, (const char *)fmt, args); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:258:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)fileName, PICO_SYSTEM_LINGWARE_PATH); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:259:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*)fileName, (const char*)picoInternalTaLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:265:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)fileName, PICO_SYSTEM_LINGWARE_PATH); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:266:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat((char*)fileName, (const char*)picoInternalSgLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:278:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)fileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:279:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*)fileName, (const char*)picoInternalTaLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:288:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)fileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:289:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*)fileName, (const char*)picoInternalSgLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:361:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)tmpFileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:362:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat((char*)tmpFileName, (const char*)picoInternalTaLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:373:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoTaFileName, PICO_SYSTEM_LINGWARE_PATH); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:374:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoSgFileName, PICO_SYSTEM_LINGWARE_PATH); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:375:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoUtppFileName, PICO_SYSTEM_LINGWARE_PATH); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:377:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoTaFileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:378:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) picoSgFileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:379:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy((char *) picoUtppFileName, pico_alt_lingware_path); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:381:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:382:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:383:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *) picoUtppFileName, (const char *) picoInternalUtppLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:489:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( picoProp_currLang, picoSupportedLang[langIndex] ); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:559:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmp, PICO_PITCH_OPEN_TAG, picoProp_currPitch); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:560:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
  strcat(data, tmp);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:566:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, PICO_SPEED_OPEN_TAG, picoProp_currRate);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:567:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, tmp);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:573:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, PICO_VOLUME_OPEN_TAG, picoProp_currVolume);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:574:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, tmp);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:578:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, str);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:580:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, PICO_VOLUME_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:584:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, PICO_SPEED_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:588:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, PICO_PITCH_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:773:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(convstring, PICO_PHONEME_OPEN_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:774:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(convstring, xsampa);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:775:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(convstring, PICO_PHONEME_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:783:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( words[j], PICO_PHONEME_OPEN_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:785:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( words[j], PICO_PHONEME_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:793:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(words[j], PICO_PHONEME_OPEN_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:794:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(words[j], xsampa+start);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:795:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(words[j], PICO_PHONEME_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:800:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(convstring, words[i]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:995:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( XPnt, (const char *)&(PhnAry[idx].strXSAMPA) ); /* copy the XSAMPA string */
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:999:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(XPnt, (const char *)&ThisPnt); /* just copy it */
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1028:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)*outXsampaString, XPnt ); /* concatenate XSAMPA */
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1073:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)pico_alt_lingware_path, config);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1077:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)pico_alt_lingware_path, PICO_LINGWARE_PATH);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1277:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(language, picoSupportedLangIso3[picoCurrentLangIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1278:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(country, picoSupportedCountryIso3[picoCurrentLangIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1410:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, picoProp_currLang);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1420:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, tmprate);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1429:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, tmppitch);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1438:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, tmpvol);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:135:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_docLanguage, attributes[i+1]);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:220:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xsampastr, phonstr);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:252:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, xsampastr);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:293:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(time, attributes[i+1]);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:308:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(time, SSML_BREAK_WEAK); /* if no time or strength attributes are specified, default to weak break */
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:318:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, time);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:350:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pitch, "<pitch level='%s'>", svoxpitch);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:359:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, pitch);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:388:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rate, "<speed level='%s'>", svoxrate);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:397:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, rate);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:431:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(volume, "<volume level='%s'>", svoxvol);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:440:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, volume);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:476:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, attributes[i+1]);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:538:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, m_appendix);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:586:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(m_data, content);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:605:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_XLOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:615:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_LOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:625:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:635:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:645:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_HIGH);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:655:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_PITCH_XHIGH);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:675:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_XSLOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:685:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_SLOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:695:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:705:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:715:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_FAST);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:725:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_RATE_XFAST);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:745:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_SILENT);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:755:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_XLOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:765:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_LOW);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:775:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:785:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:795:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_LOUD);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:805:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_VOLUME_XLOUD);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:825:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_NONE);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:835:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_XWEAK);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:845:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_WEAK);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:855:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_MEDIUM);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:865:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_STRONG);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:875:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(converted, SSML_BREAK_XSTRONG);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:890:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, m_data);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:900:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(m_data, tmp);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:199:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:199:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:209:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:209:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:318:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer+bufused, (int8_t *) outbuf, bytes_recv);
data/svox-1.0+git20130326/pico/bin/pico2wave.c:326:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, (int8_t *) outbuf, bytes_recv);
data/svox-1.0+git20130326/pico/compat/jni/com_android_tts_compat_SynthProxy.cpp:597:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lang[bufSize];
data/svox-1.0+git20130326/pico/compat/jni/com_android_tts_compat_SynthProxy.cpp:598:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char country[bufSize];
data/svox-1.0+git20130326/pico/compat/jni/com_android_tts_compat_SynthProxy.cpp:599:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char variant[bufSize];
data/svox-1.0+git20130326/pico/lib/picoapi.h:189:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char pico_Retstring[PICO_RETSTRINGSIZE];
data/svox-1.0+git20130326/pico/lib/picodbg.c:87:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char logFilterFN[MAX_FILTERFN_LEN + 1];
data/svox-1.0+git20130326/pico/lib/picodbg.c:99:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ctxbuf[MAX_CONTEXT_LEN + 1];
data/svox-1.0+git20130326/pico/lib/picodbg.c:102:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msgbuf[MAX_MESSAGE_LEN + 1];
data/svox-1.0+git20130326/pico/lib/picodbg.c:305:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logFile = fopen(name, "wt");
data/svox-1.0+git20130326/pico/lib/picodbg.c:341:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cb[MAX_CONTEXT_LEN + 1];
data/svox-1.0+git20130326/pico/lib/picodbg.c:348:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ctxbuf, "*** ");
data/svox-1.0+git20130326/pico/lib/picodbg.c:380:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cb, "(%d)", line);
data/svox-1.0+git20130326/pico/lib/picopal.c:100:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (picopal_int32)atoi((const char *)s);
data/svox-1.0+git20130326/pico/lib/picopal.c:315:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  res = (picopal_File) fopen((char *)filename, (char *)"r");
data/svox-1.0+git20130326/pico/lib/picopal.c:318:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  res = (picopal_File) fopen((char *)filename, (char *)"w");
data/svox-1.0+git20130326/pico/lib/picopal.c:321:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  res = (picopal_File) fopen((char *)filename, (char *)"rb");
data/svox-1.0+git20130326/pico/lib/picopal.c:324:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  res = (picopal_File) fopen((char *)filename, (char *)"wb");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:260:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pFile = fopen(fileName, "r");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:267:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pFile = fopen(fileName, "r");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:280:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pFile = fopen(fileName, "r");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:290:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pFile = fopen(fileName, "r");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:363:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pFile = fopen(tmpFileName, "r");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:381:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:381:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoTaFileName, (const char *) picoInternalTaLingware[langIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:382:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:382:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  strcat((char *) picoSgFileName, (const char *) picoInternalSgLingware[langIndex]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:383:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcat((char *) picoUtppFileName, (const char *) picoInternalUtppLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:383:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcat((char *) picoUtppFileName, (const char *) picoInternalUtppLingware[langIndex]); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:777:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * words[numWords]; data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:812:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strXSAMPA[6]; /* SAMPA sequence */ data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1345:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rate = atoi(value); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1355:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pitch = atoi(value); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1365:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). volume = atoi(value); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1414:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmprate[4]; data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1415:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmprate, "%d", picoProp_currRate); data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1423:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppitch[4]; data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1424:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  sprintf(tmppitch, "%d", picoProp_currPitch);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1432:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpvol[4];
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1433:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpvol, "%d", picoProp_currVolume);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1584:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer+bufused, (int8_t *) outbuf, bytes_recv);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1597:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, (int8_t *) outbuf, bytes_recv);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:150:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "<p>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:162:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "<s>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:249:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "<phoneme ph='");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:265:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "'/>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:280:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "<break time='");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:319:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "'/>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:342:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(svoxpitch, "100");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:365:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_appendix, "</pitch>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:380:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(svoxrate, "100");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:408:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_appendix, "</speed>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:423:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(svoxvol, "100");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:446:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_appendix, "</volume>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:462:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "<usesig file='");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:479:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "'>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:504:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "</p>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:516:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "</s>");
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:553:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(m_data, "</usesig>");
data/svox-1.0+git20130326/pico/bin/pico2wave.c:273:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_remaining = strlen((const char *) local_text) + 1;
data/svox-1.0+git20130326/pico/lib/picodbg.c:304:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name != NULL) && (strlen(name) > 0)) {
data/svox-1.0+git20130326/pico/lib/picodbg.c:346:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((strlen(logFilterFN) == 0) || !strcmp(logFilterFN, picodbg_fileTitle(file)))) {
data/svox-1.0+git20130326/pico/lib/picodbg.c:386:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(func) > 0) {
data/svox-1.0+git20130326/pico/lib/picodbg.c:403:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((strlen(logFilterFN) == 0) || !strcmp(logFilterFN, picodbg_fileTitle(file)))) {
data/svox-1.0+git20130326/pico/lib/picodbg.c:411:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(func) > 0) {
data/svox-1.0+git20130326/pico/lib/picoktab.c:973:25: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  picoos_uint16 i, j, equal;
data/svox-1.0+git20130326/pico/lib/picoktab.c:978:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  while (equal && (i < len)) {
data/svox-1.0+git20130326/pico/lib/picoktab.c:988:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;
data/svox-1.0+git20130326/pico/lib/picoos.c:1930:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  static picoos_uint8 os_matched( picoos_char * str, picoos_uint32 strlen, picoos_char * buf, picoos_int32 bufpos) {
data/svox-1.0+git20130326/pico/lib/picoos.c:1963:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  picoos_uint8 strlen, bufpos;
data/svox-1.0+git20130326/pico/lib/picoos.c:1967:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  picoos_getSVOXHeaderString(str,&strlen,32);
data/svox-1.0+git20130326/pico/lib/picoos.c:1972:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen;
data/svox-1.0+git20130326/pico/lib/picoos.c:1973:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  done = picoos_ReadBytes(f,(picoos_uint8 *)buf,&n) && (n == strlen);
data/svox-1.0+git20130326/pico/lib/picoos.c:1977:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  done = os_matched(str,strlen,buf,bufpos);
data/svox-1.0+git20130326/pico/lib/picoos.c:1980:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufpos = (bufpos + 1) % strlen;
data/svox-1.0+git20130326/pico/lib/picoos.c:1982:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  done = done && os_matched(str,strlen,buf,bufpos);
data/svox-1.0+git20130326/pico/lib/picopal.c:112:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (picopal_objsize_t)strlen((const char *)s);
data/svox-1.0+git20130326/pico/lib/picopal.c:387:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  res = fgetc((FILE *)f);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:533:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen = strlen(str) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:535:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_PITCH_OPEN_TAG) + 5;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:536:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_PITCH_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:540:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_SPEED_OPEN_TAG) + 5;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:541:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_SPEED_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:546:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_VOLUME_OPEN_TAG) + 5;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:547:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen += strlen(PICO_VOLUME_CLOSE_TAG);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:558:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_PITCH_OPEN_TAG) + strlen(PICO_PITCH_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:558:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_PITCH_OPEN_TAG) + strlen(PICO_PITCH_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:565:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_SPEED_OPEN_TAG) + strlen(PICO_SPEED_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:565:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_SPEED_OPEN_TAG) + strlen(PICO_SPEED_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:572:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_VOLUME_OPEN_TAG) + strlen(PICO_VOLUME_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:572:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tmp = (char*)malloc(strlen(PICO_VOLUME_OPEN_TAG) + strlen(PICO_VOLUME_CLOSE_TAG) + 5);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:697:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  textlen = strlen(str) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:731:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&(data[outpos]), &(str[stokstart]), stoklen);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:733:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(&(data[outpos]), " ", 1);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:760:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int origStrLen = strlen(xsampa);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:784:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(words[j], xsampa+start, i-start);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:788:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  totalLength += strlen(words[j-1]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:796:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  totalLength += strlen(words[j]);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1031:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xsize = strlen(*outXsampaString); /* get the final length */
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1071:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((config != NULL) && (strlen(config) > 0)) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1072:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pico_alt_lingware_path = (char*)malloc(strlen(config));
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1076:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pico_alt_lingware_path = (char*)malloc(strlen(PICO_LINGWARE_PATH) + 1);
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1235:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((country == NULL) || (strlen(country) == 0)) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1273:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(language, "\0");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1274:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(country, "\0");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1275:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(variant, "\0");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1280:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(variant, "\0");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1332:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(value) != 2 && strlen(value) != 6) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1332:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(value) != 2 && strlen(value) != 6) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1404:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(value, "");
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1406:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*iosize < strlen(picoProp_currLang)+1) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1407:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *iosize = strlen(picoProp_currLang) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1416:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*iosize < strlen(tmprate)+1) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1417:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *iosize = strlen(tmprate) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1425:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*iosize < strlen(tmppitch)+1) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1426:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *iosize = strlen(tmppitch) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1434:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*iosize < strlen(tmpvol)+1) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1435:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *iosize = strlen(tmpvol) + 1;
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1475:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) == 0) {
data/svox-1.0+git20130326/pico/tts/com_svox_picottsengine.cpp:1549:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_remaining = strlen((const char *) local_text) + 1;
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:83:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int doclen = (int)strlen(ssmldoc) + 1;
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:112:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) > 0)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:133:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m_docLanguage = new char[strlen(attributes[i+1])+1];
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:142:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 4 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:154:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 4 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:209:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xsampasize = strlen(xsampastr);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:216:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* phonstr = createPhonemeString(xsampastr, strlen(xsampastr) + 1);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:219:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xsampastr = (char*)malloc(strlen(phonstr) + 1);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:228:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(xsampastr) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:228:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(xsampastr) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:240:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(xsampastr) + 17 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:240:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(xsampastr) + 17 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:257:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 4 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:272:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 17 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:287:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  time = new char[strlen(attributes[i+1]) + 1];
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:310:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(time) + 4 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:310:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(time) + 4 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:344:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* pitch = new char[17 + strlen(svoxpitch)];
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:351:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(pitch) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:351:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(pitch) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:382:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* rate = new char[17 + strlen(svoxrate)];
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:389:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(rate) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:389:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(rate) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:425:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* volume = new char[18 + strlen(svoxvol)];
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:432:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(volume) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:432:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(volume) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:454:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 17 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:468:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(attributes[i+1]) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:468:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(attributes[i+1]) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:496:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 5 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:508:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 5 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:530:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(m_appendix) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:530:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(m_appendix) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:545:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + 10 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:575:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(content, text, length);
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:578:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(content) + 1 > (size_t)m_datasize)
data/svox-1.0+git20130326/pico/tts/svox_ssml_parser.cpp:578:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(m_data) + strlen(content) + 1 > (size_t)m_datasize)

ANALYSIS SUMMARY:

Hits = 334
Lines analyzed = 52330 in approximately 1.48 seconds (35407 lines/second)
Physical Source Lines of Code (SLOC) = 36462
Hits@level = [0] 28 [1] 98 [2] 63 [3] 0 [4] 173 [5] 0
Hits@level+ = [0+] 362 [1+] 334 [2+] 236 [3+] 173 [4+] 173 [5+] 0
Hits/KSLOC@level+ = [0+] 9.92814 [1+] 9.16022 [2+] 6.47249 [3+] 4.74467 [4+] 4.74467 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.