Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp Examining data/taglib-extras-1.0.1/taglib-extras/rmff/realmediafile.h Examining data/taglib-extras-1.0.1/taglib-extras/rmff/realmediafiletyperesolver.h Examining data/taglib-extras-1.0.1/taglib-extras/rmff/realmediafile.cpp Examining data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.h Examining data/taglib-extras-1.0.1/taglib-extras/rmff/realmediafiletyperesolver.cpp Examining data/taglib-extras-1.0.1/taglib-extras/tplugins.h Examining data/taglib-extras-1.0.1/taglib-extras/tplugins.cpp Examining data/taglib-extras-1.0.1/taglib-extras/taglib-extras_export.h Examining data/taglib-extras-1.0.1/taglib-extras/tfile_helper.cpp Examining data/taglib-extras-1.0.1/taglib-extras/audible/audiblefiletyperesolver.h Examining data/taglib-extras-1.0.1/taglib-extras/audible/audiblefile.cpp Examining data/taglib-extras-1.0.1/taglib-extras/audible/audiblefiletyperesolver.cpp Examining data/taglib-extras-1.0.1/taglib-extras/audible/audibleproperties.h Examining data/taglib-extras-1.0.1/taglib-extras/audible/audibleproperties.cpp Examining data/taglib-extras-1.0.1/taglib-extras/audible/audibletag.cpp Examining data/taglib-extras-1.0.1/taglib-extras/audible/audibletag.h Examining data/taglib-extras-1.0.1/taglib-extras/audible/audiblefile.h Examining data/taglib-extras-1.0.1/taglib-extras/tfile_helper.h FINAL RESULTS: data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:871:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, nam); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:916:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, (char *)props->name); data/taglib-extras-1.0.1/taglib-extras/audible/audibletag.cpp:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1023]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:53:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define UNPACK4(a, buf, i) memcpy((void *)&a, (void *) &buf[i], 4),i+=4,a=ntohl(a) data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:54:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define UNPACK2(a, buf, i) memcpy((void *)&a, (void *) &buf[i], 2),i+=2,a=ntohs(a) data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:153:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fd = open(m_filename, O_RDONLY); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:195:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fd = open(m_filename, O_RDONLY); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:256:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[65536]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:289:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oid[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:290:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)oid, (void *)&object_id, 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:338:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&fourcc, buf, 4); i+=4; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:451:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(media_hdr->stream_name, &buf[i], media_hdr->stream_name_size); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:455:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(media_hdr->mime_type, &buf[i], media_hdr->mime_type_size); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:461:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(media_hdr->type_specific_data, &buf[i], media_hdr->type_specific_len); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:508:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)media_hdr->lstr->properties[j].name, (void *)&buf[i], data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:519:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)media_hdr->lstr->properties[j].value_data, (void *)&buf[i], data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:560:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)cont->title, (void *)&buf[i], cont->title_len); i+=cont->title_len; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:566:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)cont->author, (void *)&buf[i], cont->author_len); i+=cont->author_len; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:572:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)cont->copyright, (void *)&buf[i], cont->copyright_len); i+=cont->copyright_len; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:578:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)cont->comment, (void *)&buf[i], cont->comment_len); i+=cont->comment_len; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:598:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[255]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:638:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)props->name, (void *)&buf[i], props->name_length); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:645:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) props->value, (void *)&buf[i], props->value_length ); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:691:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[65536]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:694:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&object_id, "RMMD", 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:712:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&m_md->object_id, (void *)&buf[i], 4); i+=4; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:732:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object_id[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:750:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object_id[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:779:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object_id[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:836:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object_id[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:869:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8192]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:935:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8192]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:936:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oid[5]; data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:938:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)oid, (void *)&m_md->s.object_id, 4); data/taglib-extras-1.0.1/taglib-extras/tfile_helper.h:41:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). : fopen(filename, mode)) data/taglib-extras-1.0.1/taglib-extras/tfile_helper.h:56:40: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define TagLibOpenFile(filename, mode) fopen(filename, mode) data/taglib-extras-1.0.1/taglib-extras/audible/audiblefile.cpp:59:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(readProperties, propertiesStyle ); data/taglib-extras-1.0.1/taglib-extras/audible/audiblefile.cpp:100:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Audible::File::read(bool readProperties, Properties::ReadStyle propertiesStyle) data/taglib-extras-1.0.1/taglib-extras/audible/audiblefile.h:74:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(bool readProperties, Properties::ReadStyle propertiesStyle); data/taglib-extras-1.0.1/taglib-extras/audible/audibleproperties.h:79:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/taglib-extras-1.0.1/taglib-extras/audible/audibletag.cpp:82:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( fread(buf, strlen("product_id"), 1, fp) != 1 ) data/taglib-extras-1.0.1/taglib-extras/audible/audibletag.cpp:85:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(memcmp(buf, "product_id", strlen("product_id"))) data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:331:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (nbytes = read(m_fd, (void *) buf, RMFF_HDR_SIZE)) != RMFF_HDR_SIZE ) data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:364:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (nbytes = read(m_fd, (void *) &buf[i], readamount > (int)sz - i ? (int)sz - i : readamount )) != readamount ) data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:736:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(object_id, (const char *)&m_hdr->s.object_id, 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:754:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(object_id, (const char *)&m_props->s.object_id, 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:784:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(object_id, (const char *)&media_hdr->s.object_id, 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:840:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(object_id, (const char *)&m_contenthdr->s.object_id, 4); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:917:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(name, "/"); data/taglib-extras-1.0.1/taglib-extras/rmff/rmff.cpp:948:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(name, ""); ANALYSIS SUMMARY: Hits = 50 Lines analyzed = 3004 in approximately 0.09 seconds (31896 lines/second) Physical Source Lines of Code (SLOC) = 1882 Hits@level = [0] 8 [1] 14 [2] 34 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 58 [1+] 50 [2+] 36 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 30.8183 [1+] 26.5675 [2+] 19.1286 [3+] 1.0627 [4+] 1.0627 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.