stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.h
Examining data/vbrfix-0.24+dfsg/vbrfixc/wputil.h
Examining data/vbrfix-0.24+dfsg/vbrfixc/main.cpp
Examining data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp

FINAL RESULTS:

data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:45:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(log,s);fprintf(log,"\n");
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:26:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  log=fopen("vbrfix.log","w");
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xp[9];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:277:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char E[28];//32-4
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:297:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char E[7];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:329:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bf[10];mp3.fRead(bf+4,6);bf[0]=H[0];bf[1]=H[1];bf[2]=H[2];bf[3]=H[3];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:377:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char toc[100];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:381:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char XhD[4];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.cpp:441:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[128];
data/vbrfix-0.24+dfsg/vbrfixc/vbrfix.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char H[4],lastH[4];
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:71:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tmp[100];
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:72:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp,"%d",i);
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:120:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fil.open(name, flags);
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:231:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	in.open(file);
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:75:24:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    wps operator=(wps &equal){
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:76:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      wps fred(equal.str);
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:112:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void openFile(const char* name,bool read){
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:114:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rmode=read;ios_base::openmode flags;
data/vbrfix-0.24+dfsg/vbrfixc/wputil.h:155:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if(rmode)fil.read((char*)ptr,size);

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 970 in approximately 0.05 seconds (19275 lines/second)
Physical Source Lines of Code (SLOC) = 834
Hits@level = [0]   3 [1]   5 [2]  13 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  22 [1+]  19 [2+]  14 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 26.3789 [1+] 22.7818 [2+] 16.7866 [3+] 1.19904 [4+] 1.19904 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.