Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h
Examining data/upse-1.0.0/src/libupse/upse-string.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-dma-manager.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-executive.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_gpu.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-adsr-filter.h
Examining data/upse-1.0.0/src/libupse/upse-types.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-hal.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_adsr_filter.c
Examining data/upse-1.0.0/src/libupse/upse-internal.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-reverb.h
Examining data/upse-1.0.0/src/libupse/upse-debug.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_hal.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_base.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-base.h
Examining data/upse-1.0.0/src/libupse/upse-spu-internal.h
Examining data/upse-1.0.0/src/libupse/upse_unpack_psf.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_reverb.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_executive.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_register_io.c
Examining data/upse-1.0.0/src/libupse/upse_string.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_dma_manager.c
Examining data/upse-1.0.0/src/libupse/upse-r3000-abstract.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-register-io.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-counters.h
Examining data/upse-1.0.0/src/libupse/upse.h
Examining data/upse-1.0.0/src/libupse/upse_r3000_bytecode_evaluator.c
Examining data/upse-1.0.0/src/libupse/upse_util.c
Examining data/upse-1.0.0/src/libupse/upse_ps1_counters.c
Examining data/upse-1.0.0/src/libupse/upse_bios_manager.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-gpu.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_spu_dma_handler.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-memory-manager.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-bios-private.h
Examining data/upse-1.0.0/src/libupse/upse_r3000_abstract.c
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-abstract.h
Examining data/upse-1.0.0/src/libupse/upse-ps1-spu-dma-handler.h
Examining data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c
Examining data/upse-1.0.0/src/upse123/upse123_main.c
Examining data/upse-1.0.0/src/upse-audacious/plugin.c
FINAL RESULTS:
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:304:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pcA0, pcA1 != NULL ? pcA1 : "");
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:110:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, newfile);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:118:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret, newfile);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:184:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*val, buf);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:642:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(a0);
data/upse-1.0.0/src/upse123/upse123_main.c:291:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((r = getopt(argc, argv, "hvo:d:s:RqB:")) >= 0)
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *biosA0n[256];
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *biosB0n[256];
data/upse-1.0.0/src/libupse/upse-ps1-bios-base.h:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *biosC0n[256];
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *biosA0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *biosB0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:126:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *biosC0n[256] = {
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:253:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v0 = atoi(arg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:260:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v0 = atol(arg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1001:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Thread[CurThread].reg, upse_r3000_cpu_regs.GPR.r, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1004:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_r3000_cpu_regs.GPR.r, Thread[th].reg, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1013:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_r3000_cpu_regs.GPR.r, regs, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1384:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&psxM[0x248], "bu");
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:1440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs, upse_r3000_cpu_regs.GPR.r, 32 * 4);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) (upse_ps1_memory_LUT[address >> 16] + (address & 65535)), data, tmplen);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memcpy((char *) (upse_ps1_memory_LUT[address >> 16] + (address & 65535)), data, tmplen);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:54:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) (upse_ps1_memory_LUT[address >> 16]), data, (length < 65536) ? length : 65536);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memcpy((char *) (upse_ps1_memory_LUT[address >> 16]), data, (length < 65536) ? length : 65536);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_ps1_memory_LUT + 0x8000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_ps1_memory_LUT + 0xa000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:111:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(upse_get_custom_bios(), "rb");
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:186:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:213:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:240:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:263:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:286:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
p = (char *) (upse_ps1_memory_LUT[t]);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:318:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_ps1_memory_LUT + 0x8000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_ps1_memory_manager.c:319:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upse_ps1_memory_LUT + 0xa000, upse_ps1_memory_LUT, 0x80 * sizeof *upse_ps1_memory_LUT);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[8];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:63:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc = atoi(s + x + 1);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:69:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc += atoi(s + x + 1) * 10;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:71:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc += atoi(s + x + (x ? 1 : 0)) * 10 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:78:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc += atoi(s + x) * 10;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:80:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc += atoi(s + x) * 10 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:82:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
acc += atoi(s + x) * 10 * 60 * 60;
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, f, tp1 - f);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpHead, out, sizeof(upse_exe_header_t));
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:333:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *yoinks[8] = { "title", "artist", "game", "year", "genre",
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **yoinks2[8] = { &psfi->title, &psfi->artist, &psfi->game, &psfi->year, &psfi->genre,
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:414:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cache[cur].num = atoi(&tag->key[4]);
data/upse-1.0.0/src/upse123/upse123_main.c:40:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(path, mode);
data/upse-1.0.0/src/upse123/upse123_main.c:168:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((oss_audio_fd = open(audio_dev_ != NULL ? audio_dev_ : "/dev/dsp", O_WRONLY, 0)) == -1)
data/upse-1.0.0/src/upse123/upse123_main.c:311:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sleep_value_ = atoi(optarg);
data/upse-1.0.0/src/libupse/upse_ps1_bios_base.c:318:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(pcA0, pcA1, a2);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:57:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, str, 100);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:60:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (x = strlen(s); x >= 0; x--)
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:109:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc(strlen(newfile) + 1);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:114:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = malloc(tp1 - f + 2 + strlen(newfile)); // 1(NULL), 1(/).
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:135:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (tmp = buf + strlen(buf) - 1; tmp >= buf; tmp--)
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:157:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*key, tmp, buf - tmp);
data/upse-1.0.0/src/libupse/upse_unpack_psf.c:182:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(*val = malloc(strlen(buf) + 1)))
ANALYSIS SUMMARY:
Hits = 59
Lines analyzed = 8889 in approximately 0.20 seconds (43965 lines/second)
Physical Source Lines of Code (SLOC) = 5722
Hits@level = [0] 36 [1] 8 [2] 45 [3] 2 [4] 4 [5] 0
Hits@level+ = [0+] 95 [1+] 59 [2+] 51 [3+] 6 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 16.6026 [1+] 10.3111 [2+] 8.91297 [3+] 1.04858 [4+] 0.699056 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.