Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/taopm-1.0/libtao/TaoSynthEngine.cc
Examining data/taopm-1.0/libtao/TaoAccessPoint.cc
Examining data/taopm-1.0/libtao/TaoString.cc
Examining data/taopm-1.0/libtao/TaoRectangle.cc
Examining data/taopm-1.0/libtao/TaoCircle.cc
Examining data/taopm-1.0/libtao/TaoTriangle.cc
Examining data/taopm-1.0/libtao/TaoEllipse.cc
Examining data/taopm-1.0/libtao/TaoBow.cc
Examining data/taopm-1.0/libtao/TaoHammer.cc
Examining data/taopm-1.0/libtao/TaoConnector.cc
Examining data/taopm-1.0/libtao/TaoStop.cc
Examining data/taopm-1.0/libtao/TaoCell.cc
Examining data/taopm-1.0/libtao/Tao.cc
Examining data/taopm-1.0/libtao/TaoDevice.cc
Examining data/taopm-1.0/libtao/TaoInstrument.cc
Examining data/taopm-1.0/libtao/TaoOutput.cc
Examining data/taopm-1.0/libtao/TaoPitch.cc
Examining data/taopm-1.0/libtao/TaoGraphicsEngine.cc
Examining data/taopm-1.0/include/Tao.h
Examining data/taopm-1.0/include/TaoAccessPoint.h
Examining data/taopm-1.0/include/TaoBow.h
Examining data/taopm-1.0/include/TaoCell.h
Examining data/taopm-1.0/include/TaoCircle.h
Examining data/taopm-1.0/include/TaoConnector.h
Examining data/taopm-1.0/include/TaoDevice.h
Examining data/taopm-1.0/include/TaoEllipse.h
Examining data/taopm-1.0/include/TaoGraphicsEngine.h
Examining data/taopm-1.0/include/TaoHammer.h
Examining data/taopm-1.0/include/TaoInstrument.h
Examining data/taopm-1.0/include/TaoOutput.h
Examining data/taopm-1.0/include/TaoPitch.h
Examining data/taopm-1.0/include/TaoRGBColor.h
Examining data/taopm-1.0/include/TaoRectangle.h
Examining data/taopm-1.0/include/TaoStop.h
Examining data/taopm-1.0/include/TaoString.h
Examining data/taopm-1.0/include/TaoSynthEngine.h
Examining data/taopm-1.0/include/TaoTriangle.h
Examining data/taopm-1.0/include/taodefs.h
Examining data/taopm-1.0/taoparse/taoparser.h
Examining data/taopm-1.0/taoparse/taoparserdefs.h
Examining data/taopm-1.0/tao2aiff/tao2aiff.h
Examining data/taopm-1.0/tao2aiff/aupvlist.h
Examining data/taopm-1.0/tao2aiff/audiofile.h
Examining data/taopm-1.0/tao2aiff/tao2aiff.cc
Examining data/taopm-1.0/tao2wav/tao2wav.h
Examining data/taopm-1.0/tao2wav/aupvlist.h
Examining data/taopm-1.0/tao2wav/audiofile.h
Examining data/taopm-1.0/tao2wav/tao2wav.cc

FINAL RESULTS:

data/taopm-1.0/libtao/TaoDevice.cc:39:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name, deviceName);
data/taopm-1.0/libtao/TaoInstrument.cc:81:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(this->name, name);
data/taopm-1.0/libtao/TaoOutput.cc:74:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fullfilename, tempname.str().c_str());
data/taopm-1.0/libtao/TaoOutput.cc:104:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fullfilename, tempname.str().c_str());
data/taopm-1.0/libtao/TaoPitch.cc:145:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(this->name, pitchName);
data/taopm-1.0/libtao/TaoPitch.cc:219:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name, p.name);
data/taopm-1.0/libtao/TaoPitch.cc:234:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name, p.name);
data/taopm-1.0/tao2aiff/tao2aiff.cc:57:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    argv++; strcpy(infilename, *argv);
data/taopm-1.0/tao2aiff/tao2aiff.cc:58:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    argv++; strcpy(AIFFfilename, *argv);
data/taopm-1.0/tao2wav/tao2wav.cc:56:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    argv++; strcpy(infilename, *argv);
data/taopm-1.0/tao2wav/tao2wav.cc:57:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    argv++; strcpy(WAVfilename, *argv);
data/taopm-1.0/libtao/Tao.cc:156:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    option=getopt(argc, argv, "gs:");
data/taopm-1.0/libtao/TaoGraphicsEngine.cc:182:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    option=getopt(argc, argv, "l:");
data/taopm-1.0/libtao/TaoSynthEngine.cc:24:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    extern int random();
data/taopm-1.0/libtao/TaoSynthEngine.cc:28:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    extern long random();
data/taopm-1.0/libtao/TaoSynthEngine.cc:81:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(getTime());
data/taopm-1.0/include/TaoDevice.h:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30];
data/taopm-1.0/include/TaoInstrument.h:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30];
data/taopm-1.0/libtao/Tao.cc:166:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    audioRate=atoi((char *)optarg);
data/taopm-1.0/libtao/TaoDevice.cc:27:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(name, "anon");
data/taopm-1.0/libtao/TaoOutput.cc:142:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    outputfile->open(fullfilename, std::ios::out);
data/taopm-1.0/libtao/TaoOutput.cc:150:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    outputfile->open(fullfilename, std::ios::app);
data/taopm-1.0/libtao/TaoPitch.cc:159:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(this->name, "N/A");
data/taopm-1.0/tao2aiff/audiofile.h:446:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int afGetAESChannelData (AFfilehandle, int track, unsigned char buf[24]);
data/taopm-1.0/tao2aiff/audiofile.h:447:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    void afSetAESChannelData (AFfilehandle, int track, unsigned char buf[24]);
data/taopm-1.0/tao2aiff/tao2aiff.cc:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char AIFFfilename[256];
data/taopm-1.0/tao2aiff/tao2aiff.cc:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char infilename[256];
data/taopm-1.0/tao2aiff/tao2aiff.cc:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileid[20];
data/taopm-1.0/tao2aiff/tao2aiff.cc:65:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    infile.open(infilename);
data/taopm-1.0/tao2wav/audiofile.h:446:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int afGetAESChannelData (AFfilehandle, int track, unsigned char buf[24]);
data/taopm-1.0/tao2wav/audiofile.h:447:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    void afSetAESChannelData (AFfilehandle, int track, unsigned char buf[24]);
data/taopm-1.0/tao2wav/tao2wav.cc:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char WAVfilename[256];
data/taopm-1.0/tao2wav/tao2wav.cc:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char infilename[256];
data/taopm-1.0/tao2wav/tao2wav.cc:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileid[20];
data/taopm-1.0/tao2wav/tao2wav.cc:64:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    infile.open(infilename);
data/taopm-1.0/libtao/TaoGraphicsEngine.cc:427:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(string);
data/taopm-1.0/libtao/TaoGraphicsEngine.cc:446:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(string);
data/taopm-1.0/libtao/TaoInstrument.cc:60:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(name, "");
data/taopm-1.0/libtao/TaoPitch.cc:67:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nameLength=strlen(pitchName);
data/taopm-1.0/libtao/TaoPitch.cc:217:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name = new char[strlen(p.name)+1];
data/taopm-1.0/libtao/TaoPitch.cc:232:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name = new char[strlen(p.name)+1];
data/taopm-1.0/tao2aiff/tao2aiff.cc:77:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&fileid[0], 15);
data/taopm-1.0/tao2aiff/tao2aiff.cc:86:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&audioRate, sizeof(int));
data/taopm-1.0/tao2aiff/tao2aiff.cc:87:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&numChannels, sizeof(int));
data/taopm-1.0/tao2aiff/tao2aiff.cc:97:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&floatSamples[0], 1000*sizeof(float));
data/taopm-1.0/tao2aiff/tao2aiff.cc:136:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&floatSamples[0], 1000*sizeof(float));
data/taopm-1.0/tao2wav/tao2wav.cc:76:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&fileid[0], 15);
data/taopm-1.0/tao2wav/tao2wav.cc:85:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&audioRate, sizeof(int));
data/taopm-1.0/tao2wav/tao2wav.cc:86:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&numChannels, sizeof(int));
data/taopm-1.0/tao2wav/tao2wav.cc:96:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&floatSamples[0], 1000*sizeof(float));
data/taopm-1.0/tao2wav/tao2wav.cc:135:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    infile.read((char *)&floatSamples[0], 1000*sizeof(float));

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 9753 in approximately 0.25 seconds (39026 lines/second)
Physical Source Lines of Code (SLOC) = 5995
Hits@level = [0]   0 [1]  16 [2]  19 [3]   5 [4]  11 [5]   0
Hits@level+ = [0+]  51 [1+]  51 [2+]  35 [3+]  16 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 8.50709 [1+] 8.50709 [2+] 5.8382 [3+] 2.66889 [4+] 1.83486 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
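Worked example for the two hit classes a reviewer would act on first in this report: the level-[4] strcpy() calls into fixed-size arrays (the report pairs strcpy(name, deviceName) at TaoDevice.cc:39 with char name[30] in TaoDevice.h, and strcpy(infilename, *argv) in tao2aiff.cc/tao2wav.cc with char infilename[256]) and the level-[2] audioRate=atoi((char *)optarg) at Tao.cc:166. This is an added example, not code from taopm-1.0 or from Flawfinder. The buffer sizes are the ones shown in the report; the function names, the audio-rate bounds and the sample inputs are assumptions made for illustration. Whether the original strcpy() calls overflow in practice depends on where deviceName and the other sources come from, which the report does not show; the point of the example is that a bounded copy makes that question moot.

```c
/* Added example (not taopm's code): bounded replacements for the strcpy()
 * and atoi() hits in the Flawfinder report above. Buffer sizes come from
 * the report; names, the audio-rate range and the inputs are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN       30      /* char name[30] in TaoDevice.h / TaoInstrument.h */
#define FILENAME_LEN   256     /* char infilename[256] in tao2aiff.cc / tao2wav.cc */
#define MIN_AUDIO_RATE 8000    /* assumed bounds; the project states none */
#define MAX_AUDIO_RATE 192000

/* Length of s, never looking further than max bytes. Unlike strlen() this
 * cannot over-read an unterminated source (the CWE-126 hits in the report). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Copy src into dst[dst_len]. Returns true on success; on failure dst is
 * made empty rather than partially filled, so a caller cannot silently use
 * a truncated name. Drop-in for strcpy() where the destination is a fixed
 * array and the source length is not known to be smaller. */
bool copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || dst_len == 0)
        return false;
    if (src == NULL) {
        dst[0] = '\0';
        return false;
    }
    size_t n = bounded_len(src, dst_len);
    if (n == dst_len) {            /* no room left for the terminating NUL */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);       /* n+1 copies the NUL as well */
    return true;
}

/* The TaoDevice.cc:39 pattern, with the copy bounded by NAME_LEN. */
bool set_device_name(char *name, const char *deviceName)
{
    return copy_bounded(name, NAME_LEN, deviceName);
}

/* The argv pattern from tao2aiff.cc:57-58 / tao2wav.cc:56-57, which steps
 * argv++ twice; here argc is checked first and each copy is bounded. */
bool parse_filenames(int argc, char **argv, char *infilename, char *outfilename)
{
    if (argc < 3)
        return false;
    return copy_bounded(infilename, FILENAME_LEN, argv[1]) &&
           copy_bounded(outfilename, FILENAME_LEN, argv[2]);
}

/* Range-checked replacement for audioRate=atoi((char *)optarg). atoi()
 * returns 0 for garbage, accepts trailing text and has undefined behaviour
 * on overflow; strtol() reports all three, and the explicit min/max check
 * is what the CWE-190 note asks for. */
bool parse_audio_rate(const char *arg, int *rate)
{
    if (arg == NULL || *arg == '\0' || rate == NULL)
        return false;
    char *end = NULL;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')     /* overflow or trailing junk */
        return false;
    if (v < MIN_AUDIO_RATE || v > MAX_AUDIO_RATE)
        return false;
    *rate = (int)v;                          /* checked range fits an int */
    return true;
}

int main(void)
{
    char name[NAME_LEN];
    /* Constructed inputs: the 40-character name is what the original
     * strcpy() would have written past the end of name[30]. */
    const char *long_name = "0123456789012345678901234567890123456789";
    printf("set_device_name(\"piano\")  -> %d\n", set_device_name(name, "piano"));
    printf("set_device_name(40 chars) -> %d\n", set_device_name(name, long_name));

    const char *rates[] = { "44100", "-44100", "44100Hz", "99999999999999999999" };
    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++) {
        int r = 0;
        printf("%-22s -> %s\n", rates[i],
               parse_audio_rate(rates[i], &r) ? "accepted" : "rejected");
    }
    return 0;
}
```

The two remaining hit classes are not covered by this example and need a different kind of triage: the [3] random/srand hits in TaoSynthEngine.cc are flagged by function name, and nothing in the report shows those values feeding keys or nonces, so they are candidates for a documented false positive rather than a code change; the [2] open hits at TaoOutput.cc:142/150 and tao2aiff.cc:65/tao2wav.cc:64 depend on who controls fullfilename and infilename and on whether the output directory is shared, which only the surrounding code can answer.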