Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vo-aacenc-0.1.3/aac-enc.c
Examining data/vo-aacenc-0.1.3/common/include/voMem.h
Examining data/vo-aacenc-0.1.3/common/include/voAAC.h
Examining data/vo-aacenc-0.1.3/common/include/voType.h
Examining data/vo-aacenc-0.1.3/common/include/voAudio.h
Examining data/vo-aacenc-0.1.3/common/include/voIndex.h
Examining data/vo-aacenc-0.1.3/common/include/voAMRWB.h
Examining data/vo-aacenc-0.1.3/common/include/cmnMemory.h
Examining data/vo-aacenc-0.1.3/common/cmnMemory.c
Examining data/vo-aacenc-0.1.3/wavreader.h
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/typedef.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/basic_op.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/basicop2.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/typedefs.h
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/oper_32b.c
Examining data/vo-aacenc-0.1.3/aacenc/basic_op/oper_32b.h
Examining data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.h
Examining data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/channel_map.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/interface.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_configuration.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/memalign.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_const.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/grp_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/sf_estim.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/aac_rom.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/pre_echo_control.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/config.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/aacenc_core.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bit_cnt.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bitenc.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/line_pe.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns_param.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/transform.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/tns_func.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/dyn_bits.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/psy_main.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/stat_bits.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/qc_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/qc_main.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/spreading.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/adj_thr_data.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/bitbuffer.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/block_switch.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/quantize.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/ms_stereo.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/band_nrg.h
Examining data/vo-aacenc-0.1.3/aacenc/inc/adj_thr.h
Examining data/vo-aacenc-0.1.3/aacenc/src/adj_thr.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bitenc.c
Examining data/vo-aacenc-0.1.3/aacenc/src/pre_echo_control.c
Examining data/vo-aacenc-0.1.3/aacenc/src/spreading.c
Examining data/vo-aacenc-0.1.3/aacenc/src/band_nrg.c
Examining data/vo-aacenc-0.1.3/aacenc/src/stat_bits.c
Examining data/vo-aacenc-0.1.3/aacenc/src/line_pe.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aacenc_core.c
Examining data/vo-aacenc-0.1.3/aacenc/src/quantize.c
Examining data/vo-aacenc-0.1.3/aacenc/src/interface.c
Examining data/vo-aacenc-0.1.3/aacenc/src/ms_stereo.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aacenc.c
Examining data/vo-aacenc-0.1.3/aacenc/src/sf_estim.c
Examining data/vo-aacenc-0.1.3/aacenc/src/tns.c
Examining data/vo-aacenc-0.1.3/aacenc/src/grp_data.c
Examining data/vo-aacenc-0.1.3/aacenc/src/transform.c
Examining data/vo-aacenc-0.1.3/aacenc/src/psy_main.c
Examining data/vo-aacenc-0.1.3/aacenc/src/channel_map.c
Examining data/vo-aacenc-0.1.3/aacenc/src/memalign.c
Examining data/vo-aacenc-0.1.3/aacenc/src/qc_main.c
Examining data/vo-aacenc-0.1.3/aacenc/src/dyn_bits.c
Examining data/vo-aacenc-0.1.3/aacenc/src/block_switch.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bit_cnt.c
Examining data/vo-aacenc-0.1.3/aacenc/src/psy_configuration.c
Examining data/vo-aacenc-0.1.3/aacenc/src/aac_rom.c
Examining data/vo-aacenc-0.1.3/aacenc/src/bitbuffer.c
Examining data/vo-aacenc-0.1.3/wavreader.c
FINAL RESULTS:
data/vo-aacenc-0.1.3/aac-enc.c:46:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "r:")) != -1) {
data/vo-aacenc-0.1.3/aac-enc.c:49:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(optarg);
data/vo-aacenc-0.1.3/aac-enc.c:105:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(outfile, "wb");
data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outPtr, mAudioSpecificConfigData, 2);
data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:277:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mInputFrame[mNumInputSamples],
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:33:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outBuf[1024*8];
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:34:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inBuf[READ_SIZE];
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:84:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->sampleRate = atoi(*argv);
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:90:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->nChannels = atoi(*argv);
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:96:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->bitRate = atoi(*argv);
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:102:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
param->adtsUsed = atoi(*argv);
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:167:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile = fopen(infileName, "rb");
data/vo-aacenc-0.1.3/aacenc/SampleCode/AAC_E_SAMPLES.c:176:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(outfileName, "wb");
data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp:402:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, mAudioSpecificConfigData, sizeof(mAudioSpecificConfigData));
data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder.cpp:450:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)mInputFrame + mInputSize, inData, copy);
data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp:380:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, encInfo.confBuf, encInfo.confSize);
data/vo-aacenc-0.1.3/aacenc/SoftAACEncoder2.cpp:428:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)mInputFrame + mInputSize, inData, copy);
data/vo-aacenc-0.1.3/aacenc/inc/aac_rom.h:36:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char bitrevTab[17 + 129];
data/vo-aacenc-0.1.3/aacenc/src/aac_rom.c:2347:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char bitrevTab[17 + 129] =
data/vo-aacenc-0.1.3/common/cmnMemory.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pDest, pSource, uSize);
data/vo-aacenc-0.1.3/wavreader.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wr->wav = fopen(filename, "rb");
data/vo-aacenc-0.1.3/aac-enc.c:114:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read, i;
data/vo-aacenc-0.1.3/aac-enc.c:118:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < inputSize)
data/vo-aacenc-0.1.3/aac-enc.c:120:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0; i < read/2; i++) {
data/vo-aacenc-0.1.3/aac-enc.c:125:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
input.Length = read;
data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:215:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status_t AACEncoder::read(
data/vo-aacenc-0.1.3/aacenc/AACEncoder.cpp:245:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (mSource->read(&mInputBuffer, options) != OK) {
data/vo-aacenc-0.1.3/wavreader.c:41:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-aacenc-0.1.3/wavreader.c:42:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-aacenc-0.1.3/wavreader.c:43:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-aacenc-0.1.3/wavreader.c:44:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tag = (tag << 8) | fgetc(wr->wav);
data/vo-aacenc-0.1.3/wavreader.c:50:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 0;
data/vo-aacenc-0.1.3/wavreader.c:51:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 8;
data/vo-aacenc-0.1.3/wavreader.c:52:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 16;
data/vo-aacenc-0.1.3/wavreader.c:53:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 24;
data/vo-aacenc-0.1.3/wavreader.c:59:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 0;
data/vo-aacenc-0.1.3/wavreader.c:60:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
value |= fgetc(wr->wav) << 8;
ANALYSIS SUMMARY:
Hits = 37
Lines analyzed = 22100 in approximately 0.57 seconds (38722 lines/second)
Physical Source Lines of Code (SLOC) = 13973
Hits@level = [0] 15 [1] 16 [2] 20 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 52 [1+] 37 [2+] 21 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.72146 [1+] 2.64796 [2+] 1.5029 [3+] 0.0715666 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.