Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vo-aacenc-0.1.3/aac-enc.c
Examining data/vo-aacenc-0.1.3/common/include/voMem.h
Examining data/vo-aacenc-0.1.3/common/include/voAAC.h
Examining data/vo-aacenc-0.1.3/common/include/voType.h
Examining data/vo-aacenc-0.1.3/common/include/voAudio.h
Examining data/vo-aacenc-0.1.3/common/include/voIndex.h
Examining data/vo-aacenc-0.1.3/common/include/voAMRWB.h
Examining data/vo-aacenc-0.1.3/common/include/cmnMemory.h
Examining data/vo-aacenc-0.1.3/common/cmnMemory.c
Examining data/vo-aacenc-0.1.3/wavreader.h
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/typedef.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/basic_op.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/basicop2.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/typedefs.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/oper_32b.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/oper_32b.h
Examining data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.h
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/channel_map.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/interface.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_configuration.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/memalign.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_const.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/grp_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/sf_estim.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/aac_rom.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/pre_echo_control.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/config.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/aacenc_core.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bit_cnt.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bitenc.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/line_pe.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns_param.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/transform.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns_func.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/dyn_bits.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_main.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/stat_bits.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/qc_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/qc_main.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/spreading.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/adj_thr_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bitbuffer.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/block_switch.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/quantize.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/ms_stereo.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/band_nrg.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/adj_thr.h
Examining data/vo-aacenc-0.1.3/aacenc/src/adj_thr.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bitenc.c
Examining data/vo-aacenc-0.1.3/aacenc/src/pre_echo_control.c
Examining data/vo-aacenc-0.1.3/aacenc/src/spreading.c
Examining data/vo-aacenc-0.1.3/aacenc/src/band_nrg.c
Examining data/vo-aacenc-0.1.3/aacenc/src/stat_bits.c
Examining data/vo-aacenc-0.1.3/aacenc/src/line_pe.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aacenc_core.c
Examining data/vo-aacenc-0.1.3/aacenc/src/quantize.c
Examining data/vo-aacenc-0.1.3/aacenc/src/interface.c
Examining data/vo-aacenc-0.1.3/aacenc/src/ms_stereo.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aacenc.c
Examining data/vo-aacenc-0.1.3/aacenc/src/sf_estim.c
Examining data/vo-aacenc-0.1.3/aacenc/src/tns.c
Examining data/vo-aacenc-0.1.3/aacenc/src/grp_data.c
Examining data/vo-aacenc-0.1.3/aacenc/src/transform.c
Examining data/vo-aacenc-0.1.3/aacenc/src/psy_main.c
Examining data/vo-aacenc-0.1.3/aacenc/src/channel_map.c
Examining data/vo-aacenc-0.1.3/aacenc/src/memalign.c
Examining data/vo-aacenc-0.1.3/aacenc/src/qc_main.c
Examining data/vo-aacenc-0.1.3/aacenc/src/dyn_bits.c
Examining data/vo-aacenc-0.1.3/aacenc/src/block_switch.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bit_cnt.c
Examining data/vo-aacenc-0.1.3/aacenc/src/psy_configuration.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aac_rom.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bitbuffer.c
Examining data/vo-aacenc-0.1.3/wavreader.c

FINAL RESULTS:

data/vo-aacenc-0.1.3/aac-enc.c:46:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((ch = getopt(argc, argv, "r:")) != -1) {

data/vo-aacenc-0.1.3/aac-enc.c:49:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  bitrate = atoi(optarg);

data/vo-aacenc-0.1.3/aac-enc.c:105:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(outfile, "wb");

data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:232:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(outPtr, mAudioSpecificConfigData, 2);

data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:277:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mInputFrame[mNumInputSamples],

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:33:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char outBuf[1024*8];

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:34:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char inBuf[READ_SIZE];

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:84:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  param->sampleRate = atoi(*argv);

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:90:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  param->nChannels = atoi(*argv);

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:96:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  param->bitRate = atoi(*argv);

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:102:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  param->adtsUsed = atoi(*argv);

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:167:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  infile = fopen(infileName, "rb");

data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:176:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  outfile = fopen(outfileName, "wb");

data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp:402:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, mAudioSpecificConfigData, sizeof(mAudioSpecificConfigData));

data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp:450:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((uint8_t *)mInputFrame + mInputSize, inData, copy);

data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp:380:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, encInfo.confBuf, encInfo.confSize);

data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp:428:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((uint8_t *)mInputFrame + mInputSize, inData, copy);

data/vo-aacenc-0.1.3/aacenc/inc/aac_rom.h:36:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern const unsigned char bitrevTab[17 + 129];

data/vo-aacenc-0.1.3/aacenc/src/aac_rom.c:2347:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char bitrevTab[17 + 129] =

data/vo-aacenc-0.1.3/common/cmnMemory.c:52:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (pDest, pSource, uSize);

data/vo-aacenc-0.1.3/wavreader.c:69:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  wr->wav = fopen(filename, "rb");

data/vo-aacenc-0.1.3/aac-enc.c:114:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int read, i;

data/vo-aacenc-0.1.3/aac-enc.c:118:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read < inputSize)

data/vo-aacenc-0.1.3/aac-enc.c:120:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  for (i = 0; i < read/2; i++) {

data/vo-aacenc-0.1.3/aac-enc.c:125:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  input.Length = read;

data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:215:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  status_t AACEncoder::read(

data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:245:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (mSource->read(&mInputBuffer, options) != OK) {

data/vo-aacenc-0.1.3/wavreader.c:41:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  tag = (tag << 8) | fgetc(wr->wav);

data/vo-aacenc-0.1.3/wavreader.c:42:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  tag = (tag << 8) | fgetc(wr->wav);

data/vo-aacenc-0.1.3/wavreader.c:43:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  tag = (tag << 8) | fgetc(wr->wav);

data/vo-aacenc-0.1.3/wavreader.c:44:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  tag = (tag << 8) | fgetc(wr->wav);

data/vo-aacenc-0.1.3/wavreader.c:50:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 0;

data/vo-aacenc-0.1.3/wavreader.c:51:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 8;

data/vo-aacenc-0.1.3/wavreader.c:52:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 16;

data/vo-aacenc-0.1.3/wavreader.c:53:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 24;

data/vo-aacenc-0.1.3/wavreader.c:59:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 0;

data/vo-aacenc-0.1.3/wavreader.c:60:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value |= fgetc(wr->wav) << 8;

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 22100 in approximately 0.57 seconds (38722 lines/second)
Physical Source Lines of Code (SLOC) = 13973
Hits@level = [0]  15 [1]  16 [2]  20 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  52 [1+]  37 [2+]  21 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.72146 [1+] 2.64796 [2+] 1.5029 [3+] 0.0715666 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.