Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/swami-2.2.1/src/libswami/SwamiContainer.c
Examining data/swami-2.2.1/src/libswami/SwamiContainer.h
Examining data/swami-2.2.1/src/libswami/SwamiControl.c
Examining data/swami-2.2.1/src/libswami/SwamiControl.h
Examining data/swami-2.2.1/src/libswami/SwamiControlEvent.c
Examining data/swami-2.2.1/src/libswami/SwamiControlEvent.h
Examining data/swami-2.2.1/src/libswami/SwamiControlFunc.c
Examining data/swami-2.2.1/src/libswami/SwamiControlFunc.h
Examining data/swami-2.2.1/src/libswami/SwamiControlHub.c
Examining data/swami-2.2.1/src/libswami/SwamiControlHub.h
Examining data/swami-2.2.1/src/libswami/SwamiControlMidi.c
Examining data/swami-2.2.1/src/libswami/SwamiControlMidi.h
Examining data/swami-2.2.1/src/libswami/SwamiControlProp.c
Examining data/swami-2.2.1/src/libswami/SwamiControlProp.h
Examining data/swami-2.2.1/src/libswami/SwamiControlQueue.c
Examining data/swami-2.2.1/src/libswami/SwamiControlQueue.h
Examining data/swami-2.2.1/src/libswami/SwamiControlValue.c
Examining data/swami-2.2.1/src/libswami/SwamiControlValue.h
Examining data/swami-2.2.1/src/libswami/SwamiEvent_ipatch.c
Examining data/swami-2.2.1/src/libswami/SwamiEvent_ipatch.h
Examining data/swami-2.2.1/src/libswami/SwamiLock.c
Examining data/swami-2.2.1/src/libswami/SwamiLock.h
Examining data/swami-2.2.1/src/libswami/SwamiLog.c
Examining data/swami-2.2.1/src/libswami/SwamiLog.h
Examining data/swami-2.2.1/src/libswami/SwamiLoopFinder.c
Examining data/swami-2.2.1/src/libswami/SwamiLoopFinder.h
Examining data/swami-2.2.1/src/libswami/SwamiLoopResults.c
Examining data/swami-2.2.1/src/libswami/SwamiLoopResults.h
Examining data/swami-2.2.1/src/libswami/SwamiMidiDevice.c
Examining data/swami-2.2.1/src/libswami/SwamiMidiDevice.h
Examining data/swami-2.2.1/src/libswami/SwamiMidiEvent.c
Examining data/swami-2.2.1/src/libswami/SwamiMidiEvent.h
Examining data/swami-2.2.1/src/libswami/SwamiObject.c
Examining data/swami-2.2.1/src/libswami/SwamiObject.h
Examining data/swami-2.2.1/src/libswami/SwamiParam.c
Examining data/swami-2.2.1/src/libswami/SwamiParam.h
Examining data/swami-2.2.1/src/libswami/SwamiPlugin.c
Examining data/swami-2.2.1/src/libswami/SwamiPlugin.h
Examining data/swami-2.2.1/src/libswami/SwamiPropTree.c
Examining data/swami-2.2.1/src/libswami/SwamiPropTree.h
Examining data/swami-2.2.1/src/libswami/SwamiRoot.c
Examining data/swami-2.2.1/src/libswami/SwamiRoot.h
Examining data/swami-2.2.1/src/libswami/SwamiWavetbl.c
Examining data/swami-2.2.1/src/libswami/SwamiWavetbl.h
Examining data/swami-2.2.1/src/libswami/builtin_enums.c
Examining data/swami-2.2.1/src/libswami/builtin_enums.h
Examining data/swami-2.2.1/src/libswami/i18n.h
Examining data/swami-2.2.1/src/libswami/libswami.c
Examining data/swami-2.2.1/src/libswami/libswami.h
Examining data/swami-2.2.1/src/libswami/swami_priv.h
Examining data/swami-2.2.1/src/libswami/util.c
Examining data/swami-2.2.1/src/libswami/util.h
Examining data/swami-2.2.1/src/libswami/value_transform.c
Examining data/swami-2.2.1/src/plugins/fftune.c
Examining data/swami-2.2.1/src/plugins/fftune.h
Examining data/swami-2.2.1/src/plugins/fftune_gui.c
Examining data/swami-2.2.1/src/plugins/fftune_gui.h
Examining data/swami-2.2.1/src/plugins/fftune_i18n.h
Examining data/swami-2.2.1/src/plugins/fluidsynth.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_gui.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_gui_i18n.h
Examining data/swami-2.2.1/src/plugins/fluidsynth_i18n.c
Examining data/swami-2.2.1/src/plugins/fluidsynth_i18n.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiBar.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiBar.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiBarPtr.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiBarPtr.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiComboEntry.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiComboEntry.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlAdj.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlAdj.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlMidiKey.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiControlMidiKey.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiControl_widgets.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiDnd.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiItemMenu_actions.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiKnob.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiKnob.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiLoopFinder.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiLoopFinder.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiMenu.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiMenu.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiModEdit.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiMultiSave.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiMultiSave.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanel.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanel.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2Gen.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2Gen.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenEnv.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenEnv.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenMisc.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSF2GenMisc.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSelector.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPanelSelector.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPaste.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPaste.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPiano.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPiano.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPref.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPref.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiProp.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiProp.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiPythonView.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiPythonView.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiRoot.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiRoot.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleCanvas.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleCanvas.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleEditor.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSampleEditor.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpectrumCanvas.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpectrumCanvas.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpinScale.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSpinScale.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiSplits.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiSplits.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiStatusbar.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiStatusbar.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTree.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTree.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStore.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStore.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStoreConfig.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStoreConfig.h
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStorePatch.c
Examining data/swami-2.2.1/src/swamigui/SwamiguiTreeStorePatch.h
Examining data/swami-2.2.1/src/swamigui/builtin_enums.c
Examining data/swami-2.2.1/src/swamigui/builtin_enums.h
Examining data/swami-2.2.1/src/swamigui/glade_strings.c
Examining data/swami-2.2.1/src/swamigui/help.c
Examining data/swami-2.2.1/src/swamigui/help.h
Examining data/swami-2.2.1/src/swamigui/i18n.h
Examining data/swami-2.2.1/src/swamigui/icons.c
Examining data/swami-2.2.1/src/swamigui/icons.h
Examining data/swami-2.2.1/src/swamigui/main.c
Examining data/swami-2.2.1/src/swamigui/patch_funcs.c
Examining data/swami-2.2.1/src/swamigui/patch_funcs.h
Examining data/swami-2.2.1/src/swamigui/splash.c
Examining data/swami-2.2.1/src/swamigui/splash.h
Examining data/swami-2.2.1/src/swamigui/swami_python.c
Examining data/swami-2.2.1/src/swamigui/swami_python.h
Examining data/swami-2.2.1/src/swamigui/swamigui.h
Examining data/swami-2.2.1/src/swamigui/tools/cdump.c
Examining data/swami-2.2.1/src/swamigui/util.c
Examining data/swami-2.2.1/src/swamigui/util.h
Examining data/swami-2.2.1/src/swamigui/widgets/combo-box.c
Examining data/swami-2.2.1/src/swamigui/widgets/combo-box.h
Examining data/swami-2.2.1/src/swamigui/widgets/icon-combo.c
Examining data/swami-2.2.1/src/swamigui/widgets/icon-combo.h
Examining data/swami-2.2.1/src/swamish/swamish.c

FINAL RESULTS:

data/swami-2.2.1/src/libswami/util.c:141:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(str, notes[note % 12]);

data/swami-2.2.1/src/libswami/util.c:144:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(str, octavestr);

data/swami-2.2.1/src/plugins/fluidsynth_gui.c:341:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(namebuf, knobnames[i]);

data/swami-2.2.1/src/swamigui/SwamiguiPref.c:446:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(notename, "%s%d", note_names[i % 12], i / 12);

data/swami-2.2.1/src/swamigui/SwamiguiPref.c:668:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(notename, "%s%d", note_names[count % 12], count / 12);

data/swami-2.2.1/src/swamigui/SwamiguiPref.c:695:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(notename, "%s%d", note_names[count % 12], count / 12);

data/swami-2.2.1/src/libswami/SwamiMidiDevice.c:121:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(oclass->open)

data/swami-2.2.1/src/libswami/SwamiMidiDevice.c:123:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    retval = (*oclass->open)(device, err);

data/swami-2.2.1/src/libswami/SwamiMidiDevice.h:63:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gboolean(*open)(SwamiMidiDevice *device, GError **err);

data/swami-2.2.1/src/libswami/SwamiPlugin.h:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char magic[4]; /* magic string to ensure sanity */

data/swami-2.2.1/src/libswami/SwamiWavetbl.c:295:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    g_return_val_if_fail(wavetbl_class->open != NULL, FALSE);

data/swami-2.2.1/src/libswami/SwamiWavetbl.c:302:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    retval = wavetbl_class->open(wavetbl, err);

data/swami-2.2.1/src/libswami/SwamiWavetbl.h:67:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    gboolean(*open)(SwamiWavetbl *wavetbl, GError **err);

data/swami-2.2.1/src/libswami/util.c:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char octavestr[3];

data/swami-2.2.1/src/libswami/util.c:143:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (octavestr, "%d", MIDI_TO_MUSIC_OCT(note / 12));

data/swami-2.2.1/src/plugins/fftune_gui.c:692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char powerstr[6], freqstr[32], notestr[11], centsstr[16];

data/swami-2.2.1/src/plugins/fftune_gui.c:718:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(powerstr, "%0.2f", power / max_power);

data/swami-2.2.1/src/plugins/fftune_gui.c:719:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(freqstr, "%0.2f", freq);

data/swami-2.2.1/src/plugins/fftune_gui.c:720:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(centsstr, "%0.2f", cents);

data/swami-2.2.1/src/plugins/fftune_gui.c:724:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(notestr, "<0");

data/swami-2.2.1/src/plugins/fftune_gui.c:728:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(notestr, ">127");

data/swami-2.2.1/src/plugins/fftune_gui.c:732:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(notestr, "%d | ", note);

data/swami-2.2.1/src/plugins/fluidsynth.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[PRESET_NAME_LEN]; /* for presets */

data/swami-2.2.1/src/plugins/fluidsynth.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[PRESET_NAME_LEN]; /* for presets */

data/swami-2.2.1/src/plugins/fluidsynth.c:1151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[256];

data/swami-2.2.1/src/plugins/fluidsynth.c:1718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[16]; /* enough space to store printf "&%p" */

data/swami-2.2.1/src/plugins/fluidsynth.c:1951:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[256]; /* using static buffer so info string can be freed */

data/swami-2.2.1/src/plugins/fluidsynth.c:2059:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[256]; /* return string is static */

data/swami-2.2.1/src/plugins/fluidsynth.c:2408:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(wavetbl->rt_sel_values, sel_values,

data/swami-2.2.1/src/plugins/fluidsynth.c:2410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(wavetbl->rt_voices, fluid_voices,

data/swami-2.2.1/src/plugins/fluidsynth_gui.c:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char namebuf[32];

data/swami-2.2.1/src/plugins/fluidsynth_gui.c:340:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(namebuf, "Knob");

data/swami-2.2.1/src/swamigui/SwamiguiCanvasMod.c:181:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(mod->vars, default_vars, sizeof(SwamiguiCanvasModVars)

data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:558:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * name_pix_src[2] = {"PIXSrc", "PIXAmtSrc"};

data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:559:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * name_hbx_box[2] = {"HBXSrc", "HBXAmtSrc"};

data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:560:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * name_com_src_ctrl[2] = {"COMSrcCtrl", "COMAmtCtrl"};

data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:1578:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * name_pix_src[2] = {"PIXSrc", "PIXAmtSrc"};

data/swami-2.2.1/src/swamigui/SwamiguiModEdit.c:1579:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * name_com_src_ctrl[2] = {"COMSrcCtrl", "COMAmtCtrl"};

data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char notestr[9] = { 0 };

data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:90:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(notestr, "%d | ", note);

data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:123:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const unsigned char white_key_infos[7] =

data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:149:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const unsigned char note_key_infos[12] =

data/swami-2.2.1/src/swamigui/SwamiguiPiano.c:950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char midiNote[5];

data/swami-2.2.1/src/swamigui/SwamiguiPref.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char notename[16];

data/swami-2.2.1/src/swamigui/SwamiguiPref.c:646:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char notename[16];

data/swami-2.2.1/src/swamigui/SwamiguiRoot.c:1942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char datestr[64];

data/swami-2.2.1/src/swamigui/SwamiguiSplits.c:1030:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char lstr[5], hstr[5];

data/swami-2.2.1/src/swamigui/patch_funcs.c:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *groups[2] = { SWAMIGUI_ROOT_INSTRUMENT_FILES_GROUP, NULL };

data/swami-2.2.1/src/swamigui/swami_python.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *new_argv[argc];

data/swami-2.2.1/src/swamigui/tools/cdump.c:30:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(pszFileName, "rb");

data/swami-2.2.1/src/swamigui/tools/cdump.c:53:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(pszFileName, "rb");

data/swami-2.2.1/src/swamigui/util.c:426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(object_ids, dep_ids, count * sizeof(char *));

data/swami-2.2.1/src/swamigui/util.c:521:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(depids, bag->deparray->pdata, bag->deparray->len * sizeof(gpointer));

data/swami-2.2.1/src/plugins/fftune_gui.c:733:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    swami_util_midi_note_to_str(note, notestr + strlen(notestr));

data/swami-2.2.1/src/plugins/fluidsynth.c:380:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(reverb_presets[0].name, N_("Default"), PRESET_NAME_LEN);

data/swami-2.2.1/src/plugins/fluidsynth.c:395:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(chorus_presets[0].name, N_("Default"), PRESET_NAME_LEN);

data/swami-2.2.1/src/swamigui/SwamiguiItemMenu.c:563:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_return_if_fail(action_id != NULL && strlen(action_id) > 0);

data/swami-2.2.1/src/swamigui/SwamiguiNoteSelector.c:91:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    swami_util_midi_note_to_str(note, notestr + strlen(notestr));

data/swami-2.2.1/src/swamigui/SwamiguiTree.c:1730:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tree->search_end_pos = startpos + strlen(search);

data/swami-2.2.1/src/swamigui/icons.c:58:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int prefix_len = strlen("swamigui_");

data/swami-2.2.1/src/swamigui/patch_funcs.c:129:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(path && strlen(path))

data/swami-2.2.1/src/swamigui/patch_funcs.c:834:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(path_sample_export && strlen(path_sample_export))

data/swami-2.2.1/src/swamigui/util.c:767:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    newstr = g_new(char, strlen(str) + 1);

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 59146 in approximately 1.26 seconds (47051 lines/second)
Physical Source Lines of Code (SLOC) = 39120
Hits@level = [0]  17 [1]  10 [2]  47 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  80 [1+]  63 [2+]  53 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 2.04499 [1+] 1.61043 [2+] 1.35481 [3+] 0.153374 [4+] 0.153374 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
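Flawfinder matches on names, so the report above needs triage by inspection: the seven `open` hits are the `open` member of the SwamiMidiDeviceClass and SwamiWavetblClass structs (the quoted lines read `gboolean(*open)(...)`), not a file open, and the `char` hits are array declarations listed for review rather than defects. The hits worth real work are the level-4 string-building ones in libswami/util.c and SwamiguiPref.c, where a note name and an octave are assembled with strcpy, sprintf and strcat into fixed buffers, and the callers in SwamiguiNoteSelector.c and fftune_gui.c that prepend `"%d | "` to the result. The block below is an added example written for this page, not swami's code: it rebuilds that formatting with length-checked snprintf calls, computes the worst-case label size over all 128 MIDI notes (the number a reviewer wants next to `char notestr[9]`), and replaces the flagged strncpy pattern with a copy that always NUL-terminates. The note-name table, the `MUSIC_OCT` macro (assumed to behave like swami's `MIDI_TO_MUSIC_OCT`, mapping MIDI octave 0 to music octave -1), and the value of `PRESET_NAME_LEN` are assumptions, as are all function names.

```c
/* Added example for the flawfinder report on swami-2.2.1: bounded rewrite of the
 * flagged note-string formatting. Not swami's code; names, the note table, the
 * octave macro and PRESET_NAME_LEN are assumptions made for this example. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed to mirror MIDI_TO_MUSIC_OCT: MIDI octave 0 is music octave -1,
 * so note 0 prints as "C-1" and note 60 as "C4". */
#define MUSIC_OCT(midi_oct) ((midi_oct) - 1)
#define PRESET_NAME_LEN 21   /* assumed size of the preset name field */

static const char *const note_names[12] = {
    "C", "C#", "D", "D#", "E", "F", "F#", "G", "G#", "A", "A#", "B"
};

/* Writes the name of MIDI note 0..127 (e.g. "C#-1", "G9") into dst.
 * Returns the length the full name needs (snprintf semantics) or -1 for an
 * out-of-range note; the caller compares the result against dstsz instead of
 * trusting that the destination was large enough. */
int midi_note_to_str_n(int note, char *dst, size_t dstsz)
{
    if (note < 0 || note > 127) {
        if (dstsz > 0) dst[0] = '\0';
        return -1;
    }
    /* One bounded call replaces the strcpy + sprintf + strcat sequence. */
    return snprintf(dst, dstsz, "%s%d", note_names[note % 12], MUSIC_OCT(note / 12));
}

/* Builds the "<note> | <name>" label that the report shows being assembled with
 * sprintf followed by an unchecked append. Returns true only if the whole label
 * fit; a short destination yields a truncated, still NUL-terminated string. */
bool format_note_label(int note, char *dst, size_t dstsz)
{
    if (note < 0 || note > 127) {
        /* Out-of-range marker, like the "<0" / ">127" strings in fftune_gui.c. */
        int n = snprintf(dst, dstsz, "%s", note < 0 ? "<0" : ">127");
        return n >= 0 && (size_t)n < dstsz;
    }
    int n = snprintf(dst, dstsz, "%d | ", note);
    if (n < 0 || (size_t)n >= dstsz)
        return false;
    int m = midi_note_to_str_n(note, dst + n, dstsz - (size_t)n);
    return m >= 0 && (size_t)m < dstsz - (size_t)n;
}

/* Worst-case label length over all valid notes, plus one for the terminator. */
size_t max_note_label_size(void)
{
    char buf[32];
    size_t worst = 0;
    for (int note = 0; note <= 127; note++) {
        if (format_note_label(note, buf, sizeof buf) && strlen(buf) > worst)
            worst = strlen(buf);
    }
    return worst + 1;
}

/* strncpy replacement for the preset-name copies: always NUL-terminates and
 * reports whether src was copied whole. */
bool copy_name(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return false;
    size_t len = strlen(src);
    size_t n = len < dstsz - 1 ? len : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n == len;
}

/* Check helper: formats note into a dstsz-byte buffer; returns 1 if it fit and
 * (when expected is non-NULL) equals expected. */
int label_check(int note, size_t dstsz, const char *expected)
{
    char buf[32];
    if (dstsz > sizeof buf || !format_note_label(note, buf, dstsz)) return 0;
    return expected == NULL || strcmp(buf, expected) == 0;
}

/* Check helper for copy_name: returns the copied length, or -1 on truncation. */
int copy_name_check(size_t dstsz, const char *src)
{
    char buf[32];
    if (dstsz > sizeof buf) return -1;
    return copy_name(buf, dstsz, src) ? (int)strlen(buf) : -1;
}

int main(void)
{
    char label[9];   /* same size as notestr in SwamiguiNoteSelector.c */
    for (int note = 0; note <= 127; note++)
        if (!format_note_label(note, label, sizeof label))
            printf("note %d does not fit in %zu bytes\n", note, sizeof label);
    printf("worst case needs %zu bytes\n", max_note_label_size());
    printf("copy into %d bytes: %d\n", PRESET_NAME_LEN, copy_name_check(PRESET_NAME_LEN, "Default"));
    printf("copy into 4 bytes: %d\n", copy_name_check(4, "Default"));
    return 0;
}
```

Under the assumed naming the worst case is not note 127 ("127 | G9", 8 characters) but notes such as 10 ("10 | A#-1") and 121 ("121 | C#9"), which are 9 characters and need a 10-byte buffer; `format_note_label` therefore returns false for them when given 9 bytes instead of writing past the end. Whether swami's own `notes[]` table and `MIDI_TO_MUSIC_OCT` produce the same lengths is the thing to verify against util.h and util.c, which the report does not show; the method is the point, not the specific number.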