Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h
Examining data/upse-1.0.0/src/libupse/upse-string.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-dma-manager.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-executive.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_gpu.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-adsr-filter.h
Examining data/upse-1.0.0/src/libupse/upse-types.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-hal.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_adsr_filter.c
Examining data/upse-1.0.0/src/libupse/upse-internal.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-reverb.h
Examining data/upse-1.0.0/src/libupse/upse-debug.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_hal.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_base.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-base.h
Examining data/upse-1.0.0/src/libupse/upse-spu-internal.h
Examining data/upse-1.0.0/src/libupse/upse_unpack_psf.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_reverb.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_executive.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_register_io.c
Examining data/upse-1.0.0/src/libupse/upse_string.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_dma_manager.c
Examining data/upse-1.0.0/src/libupse/upse-r3000-abstract.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-register-io.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-counters.h
Examining data/upse-1.0.0/src/libupse/upse.h
Examining data/upse-1.0.0/src/libupse/upse_r3000_bytecode_evaluator.c
Examining data/upse-1.0.0/src/libupse/upse_util.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_counters.c
Examining data/upse-1.0.0/src/libupse/upse_bios_manager.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-gpu.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_dma_handler.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-memory-manager.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-bios-private.h
Examining data/upse-1.0.0/src/libupse/upse_r3000_abstract.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-abstract.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-dma-handler.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c
Examining data/upse-1.0.0/src/upse123/upse123_main.c
Examining data/upse-1.0.0/src/upse-audacious/plugin.c

FINAL RESULTS:

data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:304:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pcA0, pcA1 != NULL ? pcA1 : "");
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:110:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ret, newfile);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:118:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ret, newfile);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:184:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*val, buf);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:642:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(a0);
data/upse-1.0.0/src/upse123/upse123_main.c:291:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((r = getopt(argc, argv, "hvo:d:s:RqB:")) >= 0)
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:24:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *biosA0n[256];
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:25:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *biosB0n[256];
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:26:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *biosC0n[256];
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:32:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *biosA0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:93:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *biosB0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:126:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *biosC0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:253:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v0 = atoi(arg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:260:10: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v0 = atol(arg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1001:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Thread[CurThread].reg, upse_r3000_cpu_regs.GPR.r, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1004:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_r3000_cpu_regs.GPR.r, Thread[th].reg, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1013:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_r3000_cpu_regs.GPR.r, regs, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1384:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(&psxM[0x248], "bu");
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1440:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(regs, upse_r3000_cpu_regs.GPR.r, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:45:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) (upse_ps1_memory_LUT[address >> 16] + (address & 65535)), data, tmplen);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:45:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  memcpy((char *) (upse_ps1_memory_LUT[address >> 16] + (address & 65535)), data, tmplen);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:54:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) (upse_ps1_memory_LUT[address >> 16]), data, (length < 65536) ? length : 65536);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:54:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  memcpy((char *) (upse_ps1_memory_LUT[address >> 16]), data, (length < 65536) ? length : 65536);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:85:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_ps1_memory_LUT + 0x8000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:86:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_ps1_memory_LUT + 0xa000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:111:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(upse_get_custom_bios(), "rb");
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:159:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:186:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:213:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:240:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:263:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:286:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:318:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_ps1_memory_LUT + 0x8000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:319:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(upse_ps1_memory_LUT + 0xa000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:31:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char id[8];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[100];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:63:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc = atoi(s + x + 1);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:69:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc += atoi(s + x + 1) * 10;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:71:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc += atoi(s + x + (x ? 1 : 0)) * 10 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:78:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc += atoi(s + x) * 10;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:80:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc += atoi(s + x) * 10 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:82:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  acc += atoi(s + x) * 10 * 60 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:115:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, f, tp1 - f);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:293:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmpHead, out, sizeof(upse_exe_header_t));
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:313:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[1024];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:333:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *yoinks[8] = { "title", "artist", "game", "year", "genre",
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:336:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **yoinks2[8] = { &psfi->title, &psfi->artist, &psfi->game, &psfi->year, &psfi->genre,
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:414:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cache[cur].num = atoi(&tag->key[4]);
data/upse-1.0.0/src/upse123/upse123_main.c:40:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(path, mode);
data/upse-1.0.0/src/upse123/upse123_main.c:168:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((oss_audio_fd = open(audio_dev_ != NULL ? audio_dev_ : "/dev/dsp", O_WRONLY, 0)) == -1)
data/upse-1.0.0/src/upse123/upse123_main.c:311:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sleep_value_ = atoi(optarg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:318:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(pcA0, pcA1, a2);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:57:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, str, 100);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:60:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (x = strlen(s); x >= 0; x--)
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:109:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(strlen(newfile) + 1);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:114:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(tp1 - f + 2 + strlen(newfile)); // 1(NULL), 1(/).
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:135:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (tmp = buf + strlen(buf) - 1; tmp >= buf; tmp--)
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:157:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*key, tmp, buf - tmp);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:182:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(*val = malloc(strlen(buf) + 1)))

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 8889 in approximately 0.20 seconds (43965 lines/second)
Physical Source Lines of Code (SLOC) = 5722
Hits@level = [0] 36 [1] 8 [2] 45 [3] 2 [4] 4 [5] 0
Hits@level+ = [0+] 95 [1+] 59 [2+] 51 [3+] 6 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 16.6026 [1+] 10.3111 [2+] 8.91297 [3+] 1.04858 [4+] 0.699056 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.