Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/webrtc-audio-processing-0.3/webrtc/common_types.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_generic.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_win.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/metrics_default.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/event_timer_win.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_win.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_posix.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/logging.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_win.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/aligned_malloc.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/cpu_features.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/event_timer_win.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/sleep.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_posix.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/thread_win.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_win.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_generic.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/event.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/thread_posix.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/event_timer_posix.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_posix.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/event_timer_posix.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/thread_posix.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_posix.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/thread.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/thread_win.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/file_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/scoped_vector.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/compile_assert_c.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/asm_defines.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/logging.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/aligned_malloc.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/rw_lock_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/sleep.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/stl_util.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/cpu_features_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/metrics.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/event_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/aligned_array.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/static_instance.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/trace.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/critical_section_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/thread_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/rms_level.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_buffer.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/processing_component.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/typing_detection.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pitch_internal.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/gmm.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pitch_based_vad.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/voice_activity_detector.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_circular_buffer.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_circular_buffer.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pitch_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/voice_gmm_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/gmm.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/standalone_vad.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/standalone_vad.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/common.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/voice_activity_detector.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_audio_proc.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_audio_proc.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/noise_gmm_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_audio_proc_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pitch_based_vad.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_processing_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/echo_control_mobile_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging_file_handling.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging_file_handling.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_processing_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/rms_level.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/matrix.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/covariance_matrix_generator.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/nonlinear_beamformer.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/matrix_test_helpers.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/beamformer.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/nonlinear_beamformer.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/covariance_matrix_generator.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/array_util.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/complex_matrix.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/array_util.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/three_band_filter_bank.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/high_pass_filter_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/histogram.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/agc.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/gain_map_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/agc_manager_direct.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/agc_manager_direct.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/utility.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/agc.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/utility.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/digital_agc.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/digital_agc.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/gain_control.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/histogram.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/splitting_filter.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/echo_cancellation_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/include/audio_processing.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_defines.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/include/echo_control_mobile.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/three_band_filter_bank.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/common.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_buffer.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/noise_suppression_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/wpd_node.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/wpd_tree.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/moving_moments.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/moving_moments.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/click_annotate.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/file_utils.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/daubechies_8_wavelet_coeffs.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/dyadic_decimator.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_detector.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/wpd_tree.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/common.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/wpd_node.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_suppressor.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_suppressor.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_detector.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/file_utils.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/level_estimator_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/voice_detection_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/gain_control_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/voice_detection_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/echo_control_mobile_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_defines.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/defines.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/noise_suppression_x.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/noise_suppression.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/include/noise_suppression_x.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/include/noise_suppression.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_c.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/windows_private.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/high_pass_filter_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_sse2.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_rdft.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_resampler.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_rdft_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_rdft.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_resampler.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_rdft_sse2.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/include/echo_cancellation.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_common.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/intelligibility/intelligibility_enhancer.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/intelligibility/intelligibility_utils.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/intelligibility/intelligibility_utils.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/intelligibility/intelligibility_enhancer.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/noise_suppression_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/utility/delay_estimator.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/utility/delay_estimator_wrapper.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/utility/delay_estimator_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/utility/delay_estimator.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/utility/delay_estimator_wrapper.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/echo_cancellation_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/gain_control_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/level_estimator_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/processing_component.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/splitting_filter.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/typing_detection.cc Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/bandwidth_info.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_filter.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/codec.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/encode_lpc_swb.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/structs.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filterbank_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/encode_lpc_swb.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_gain_swb_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filterbank_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_shape_swb16_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/settings.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/arith_routines_logist.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_gain_swb_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filterbanks.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_shape_swb12_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_lag_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_lag_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_gain_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_shape_swb16_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_shape_swb12_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/arith_routines_hist.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_gain_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/spectrum_ar_model_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/arith_routines.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/intialize.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/os_specific_inline.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/arith_routines.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/spectrum_ar_model_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_tables.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_analysis.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_analysis.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/include/isac.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h Examining data/webrtc-audio-processing-0.3/webrtc/modules/utility/interface/audio_frame_operations.h Examining data/webrtc-audio-processing-0.3/webrtc/common_types.h Examining data/webrtc-audio-processing-0.3/webrtc/base/thread_annotations.h Examining data/webrtc-audio-processing-0.3/webrtc/base/thread_checker_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/base/scoped_ptr.h Examining data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h Examining data/webrtc-audio-processing-0.3/webrtc/base/platform_file.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/criticalsection.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/safe_conversions_impl.h Examining data/webrtc-audio-processing-0.3/webrtc/base/platform_thread.h Examining data/webrtc-audio-processing-0.3/webrtc/base/template_util.h Examining data/webrtc-audio-processing-0.3/webrtc/base/event.h Examining data/webrtc-audio-processing-0.3/webrtc/base/basictypes.h Examining data/webrtc-audio-processing-0.3/webrtc/base/thread_checker_impl.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/criticalsection.h Examining data/webrtc-audio-processing-0.3/webrtc/base/maybe.h Examining data/webrtc-audio-processing-0.3/webrtc/base/platform_thread.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/atomicops.h Examining data/webrtc-audio-processing-0.3/webrtc/base/arraysize.h Examining data/webrtc-audio-processing-0.3/webrtc/base/stringutils.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/thread_checker.h Examining data/webrtc-audio-processing-0.3/webrtc/base/platform_file.h Examining data/webrtc-audio-processing-0.3/webrtc/base/checks.h Examining data/webrtc-audio-processing-0.3/webrtc/base/event.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/checks.cc Examining data/webrtc-audio-processing-0.3/webrtc/base/constructormagic.h Examining data/webrtc-audio-processing-0.3/webrtc/base/safe_conversions.h Examining data/webrtc-audio-processing-0.3/webrtc/common.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/lapped_transform.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/blocker.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fft4g.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_converter.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/blocker.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/window_generator.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_core.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_filterbank.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_gmm.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_gmm.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/include/webrtc_vad.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/include/vad.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_sp.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/webrtc_vad.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_sp.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_filterbank.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/vad/vad_core.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/real_fourier.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fft4g.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_converter.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_neon.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_header.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_ring_buffer.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/include/audio_util.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/channel_buffer.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/real_fourier.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/window_generator.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_sse.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_sse.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/channel_buffer.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/real_fourier_openmax.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/real_fourier_ooura.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_util.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_neon.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/lapped_transform.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/sparse_fir_filter.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/filter_ar_fast_q12.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/downsample_fast_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/cross_correlation_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/copy_set_operations.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_by_2_internal.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_fractional.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/refl_coef_to_lpc.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/complex_bit_reverse_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/complex_fft_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/filter_ma_fast_q12.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/lpc_to_refl_coef.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/complex_fft.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/sqrt_of_one_minus_x_squared.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/spl_sqrt_floor_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/splitting_filter.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/filter_ar.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/filter_ar_fast_q12_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/division_operations.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/real_fft.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/ilbc_specific_functions.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/randomization_functions.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/levinson_durbin.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/cross_correlation_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/auto_corr_to_refl_coef.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/vector_scaling_operations.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/spl_inl_armv7.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/signal_processing_library.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/spl_inl.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/spl_inl_mips.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/real_fft.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/get_scaling_square.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/cross_correlation.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/complex_fft_tables.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/auto_correlation.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/vector_scaling_operations_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_by_2_internal.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_by_2.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/downsample_fast.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/get_hanning_window.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/spl_init.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/spl_sqrt.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/min_max_operations.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_by_2_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/min_max_operations_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/min_max_operations_mips.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/dot_product_with_scale.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/downsample_fast_neon.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/spl_sqrt_floor.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/complex_bit_reverse.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/energy.c Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/sparse_fir_filter.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/real_fourier_ooura.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_ring_buffer.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinusoidal_linear_chirp_source.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/push_resampler.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinc_resampler_neon.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinusoidal_linear_chirp_source.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/push_sinc_resampler.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/include/resampler.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/include/push_resampler.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/push_sinc_resampler.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinc_resampler.h Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinc_resampler.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/resampler.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinc_resampler_sse.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc Examining data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_header.cc Examining data/webrtc-audio-processing-0.3/webrtc/typedefs.h FINAL RESULTS: data/webrtc-audio-processing-0.3/webrtc/base/checks.cc:43:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:96:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifndef vsnprintf data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:97:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. inline int vsnprintf(wchar_t* buf, size_t n, const wchar_t* fmt, va_list args) { data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:211:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int len = vsnprintf(buffer, buflen, format, args); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:216:19: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. int num_chars = vfprintf(id_, format, args); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:493:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name_with_counter_utf8 + length_to_, "_%lu%s", data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:521:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_name_with_counter_utf8 + length_without_file_ending, "_%lu%s", data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:593:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(temp_buff, WEBRTC_TRACE_MAX_MESSAGE_SIZE - 1, msg, args); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.cc:78:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(trace_message, "Local Date: %s", ctime_r(&t, buffer)); data/webrtc-audio-processing-0.3/webrtc/base/criticalsection.cc:19:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&crit_); data/webrtc-audio-processing-0.3/webrtc/base/criticalsection.cc:41:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&crit_); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/spl_init.c:124:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&lock); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_win.cc:16:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&crit); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/critical_section_win.cc:25:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&crit); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/rw_lock_win.cc:68:13: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. library = LoadLibrary(TEXT("Kernel32.dll")); data/webrtc-audio-processing-0.3/webrtc/base/checks.cc:69:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mangled[201]; data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:191:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, source, srclen * sizeof(CTYPE)); data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_converter.cc:37:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(dst[i], src[i], dst_frames() * sizeof(*dst[i])); data/webrtc-audio-processing-0.3/webrtc/common_audio/blocker.cc:124:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(window_.get(), window, block_size_ * sizeof(*window_.get())); data/webrtc-audio-processing-0.3/webrtc/common_audio/channel_buffer.h:126:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_.get(), data, size * sizeof(*data)); data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter.cc:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter.cc:112:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state_[state_length_ - length], in, length * sizeof(*in)); data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_neon.cc:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state_[state_length_], in, length * sizeof(*in)); data/webrtc-audio-processing-0.3/webrtc/common_audio/fir_filter_sse.cc:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state_[state_length_], in, length * sizeof(*in)); data/webrtc-audio-processing-0.3/webrtc/common_audio/lapped_transform.cc:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(parent_->real_buf_.Row(i), input[i], data/webrtc-audio-processing-0.3/webrtc/common_audio/lapped_transform.cc:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output[i], parent_->real_buf_.Row(i), data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/push_resampler.cc:81:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, src_length * sizeof(T)); data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/push_sinc_resampler.cc:95:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(destination, source_ptr_, frames * sizeof(*destination)); data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/resampler.cc:464:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(samplesOut, samplesIn, lengthIn * sizeof(int16_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/resampler/sinc_resampler.cc:334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r1_, r3_, sizeof(*input_buffer_.get()) * kKernelSize); data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c:139:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buf_ptr_1, buf_ptr_bytes_1); data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c:140:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char*) data) + buf_ptr_bytes_1, buf_ptr_2, buf_ptr_bytes_2); data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c:144:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buf_ptr_1, buf_ptr_bytes_1); data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c:177:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->data + self->write_pos * self->element_size, data/webrtc-audio-processing-0.3/webrtc/common_audio/ring_buffer.c:183:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->data + self->write_pos * self->element_size, data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/include/signal_processing_library.h:102:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v1, v2, (length) * sizeof(int16_t)) data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/real_fft.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(complex_data_out, complex_buffer, sizeof(int16_t) * (n + 2)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/real_fft.c:87:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(complex_buffer, complex_data_in, sizeof(int16_t) * (n + 2)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpmem + 8, state->S_48_32, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->S_48_32, tmpmem + 488, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:79:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpmem + 8, state->S_32_24, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->S_32_24, tmpmem + 328, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpmem + 8, state->S_24_16, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->S_24_16, tmpmem + 248, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:162:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpmem + 256, state->S_16_12, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/signal_processing/resample_48khz.c:163:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->S_16_12, tmpmem + 416, 8 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/common_audio/sparse_fir_filter.cc:48:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(&state_[0], data/webrtc-audio-processing-0.3/webrtc/common_audio/sparse_fir_filter.cc:55:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(&state_[state_.size() - length], in, length * sizeof(*in)); data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:49:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). : file_handle_(fopen(filename.c_str(), "rb")) { data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:109:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file_handle_(fopen(filename.c_str(), "wb")) { data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_header.cc:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &header, kWavHeaderSize); data/webrtc-audio-processing-0.3/webrtc/common_types.h:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plname[RTP_PAYLOAD_NAME_SIZE]; data/webrtc-audio-processing-0.3/webrtc/common_types.h:695:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plName[kPayloadNameSize]; data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:598:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp[1], &a[1], (m - 1) * sizeof(double)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:620:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&a[1], &tmp[1], (m - 1) * sizeof(double)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:705:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&poly[1], ptrIO, sizeof(double) * vecSize); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:1200:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encData->indexLPCShape, idx, UB_LPC_ORDER * data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:1215:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encData->indexLPCShape, idx, UB_LPC_ORDER * data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/entropy_coding.c:1380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lpcGainIndex, idx, UB_LPC_GAIN_DIM * sizeof(int)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpbuffer, wfdata->buffer, sizeof(double) * PITCH_WLPCBUFLEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:147:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpbuffer+PITCH_WLPCBUFLEN, in, sizeof(double) * PITCH_FRAME_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:148:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wfdata->buffer, tmpbuffer+PITCH_FRAME_LEN, sizeof(double) * PITCH_WLPCBUFLEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(weiout, weoutbuf+PITCH_WLPCORDER, sizeof(double) * PITCH_FRAME_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:196:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(whiout, whoutbuf+PITCH_WLPCORDER, sizeof(double) * PITCH_FRAME_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/filter_functions.c:229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_vec+1, in, sizeof(double) * (N-1)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_analysis.c:438:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(corrMat[frameCntr], corrSubFrame, data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/lpc_analysis.c:513:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&aPolynom[1], &filtCoeffVecs[(subFrameCntr * (UB_LPC_ORDER + 1)) + data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf_dec, State->dec_buffer, sizeof(double) * (PITCH_CORR_LEN2+PITCH_CORR_STEP2+PITCH_MAX_LAG/2-PITCH_FRAME_LEN/2+2)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:177:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(State->dec_buffer, buf_dec+PITCH_FRAME_LEN/2, sizeof(double) * (PITCH_CORR_LEN2+PITCH_CORR_STEP2+PITCH_MAX_LAG/2-PITCH_FRAME_LEN/2+2)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:492:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Whitened, State->whitened_buf, sizeof(double) * QLOOKAHEAD); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(State->whitened_buf, Whitened+PITCH_FRAME_LEN, sizeof(double) * QLOOKAHEAD); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:614:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inbuf, State->inbuf, sizeof(double) * QLOOKAHEAD); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_estimator.c:615:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inbuf+QLOOKAHEAD, in, sizeof(double) * PITCH_FRAME_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_filter.c:276:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(filter_parameters.buffer, filter_state->ubuf, data/webrtc-audio-processing-0.3/webrtc/modules/audio_coding/codecs/isac/main/source/pitch_filter.c:278:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(filter_parameters.damper_state, filter_state->ystate, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:387:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(efw, dfw, sizeof(efw[0][0]) * 2 * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:431:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xfw, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:993:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->xfwBuf, xfw_ptr, sizeof(float) * 2 * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1050:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hNlPref, &hNl[minPrefBand], sizeof(float) * prefBandSize); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1165:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->dBuf, aec->dBuf + PART_LEN, sizeof(float) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->eBuf, aec->eBuf + PART_LEN, sizeof(float) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->dBufH[j], aec->dBufH[j] + PART_LEN, sizeof(float) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1216:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->dBufH[i] + PART_LEN, nearend_ptr, sizeof(nearend)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->dBuf + PART_LEN, nearend_ptr, sizeof(nearend)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1238:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fft, aec->dBuf, sizeof(float) * PART_LEN2); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->xfBuf[0] + aec->xfBufBlockPos * PART_LEN1, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1313:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->xfBuf[1] + aec->xfBufBlockPos * PART_LEN1, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1341:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aec->eBuf + PART_LEN, e, sizeof(float) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1343:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fft + PART_LEN, e, sizeof(float) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1712:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fft, farend, sizeof(float) * PART_LEN2); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core.c:1717:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fft, farend, sizeof(float) * PART_LEN2); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_neon.c:622:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(efw, dfw, sizeof(efw[0][0]) * 2 * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_neon.c:679:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xfw, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_sse2.c:602:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(efw, dfw, sizeof(efw[0][0]) * 2 * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_core_sse2.c:663:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xfw, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/aec_resampler.c:84:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&obj->buffer[FRAME_LEN + kResamplingDelay], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[64]; data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:154:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "aec_buf%d.dat", webrtc_aec_instance_count); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:155:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecpc->bufFile = fopen(filename, "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:156:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "aec_skew%d.dat", webrtc_aec_instance_count); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:157:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecpc->skewFile = fopen(filename, "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:158:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "aec_delay%d.dat", webrtc_aec_instance_count); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:159:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecpc->delayFile = fopen(filename, "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:649:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out[i], nearend[i], sizeof(nearend[i][0]) * nrOfSamples); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aec/echo_cancellation.c:774:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out[i], near[i], sizeof(near[i][0]) * num_samples); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(self->far_history[self->far_history_pos * PART_LEN1]), data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:287:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelStored, echo_path, sizeof(int16_t) * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:289:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelAdapt16, echo_path, sizeof(int16_t) * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:328:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelStored, aecm->channelAdapt16, sizeof(int16_t) * PART_LEN1); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:350:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelAdapt16, aecm->channelStored, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:637:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, out_ptr, FRAME_LEN * sizeof(int16_t)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:1184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->farBuf + aecm->farBufWritePos, farend + writePos, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:1191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->farBuf + aecm->farBufWritePos, farend + writePos, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:1224:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(farend + readPos, aecm->farBuf + aecm->farBufReadPos, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core.c:1230:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(farend + readPos, aecm->farBuf + aecm->farBufReadPos, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:135:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->xBuf, aecm->xBuf + PART_LEN, sizeof(int16_t) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufNoisy, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufClean, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:343:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->xBuf + PART_LEN, farend, sizeof(int16_t) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:344:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufNoisy + PART_LEN, nearendNoisy, sizeof(int16_t) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_c.c:347:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufClean + PART_LEN, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:424:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->xBuf, aecm->xBuf + PART_LEN, sizeof(int16_t) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufNoisy, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:429:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufClean, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:536:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelStored, aecm->channelAdapt16, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:582:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->channelAdapt16, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:865:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->xBuf + PART_LEN, farend, sizeof(int16_t) * PART_LEN); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:866:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufNoisy + PART_LEN, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/aecm_core_mips.c:870:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aecm->dBufClean + PART_LEN, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:106:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->aecmCore->farFile = fopen("aecFar.pcm","wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:107:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->aecmCore->nearFile = fopen("aecNear.pcm","wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:108:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->aecmCore->outFile = fopen("aecOut.pcm","wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:111:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->bufFile = fopen("aecBuf.dat", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:112:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->delayFile = fopen("aecDelay.dat", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:113:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->preCompFile = fopen("preComp.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:114:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). aecm->postCompFile = fopen("postComp.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:307:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, nearendNoisy, sizeof(short) * nrOfSamples); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:311:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, nearendClean, sizeof(short) * nrOfSamples); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:405:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(aecm->farendOld[i][0]), farend_ptr, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:410:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(farend, &(aecm->farendOld[i][0]), FRAME_LEN * sizeof(short)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/aecm/echo_control_mobile.c:611:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(echo_path_ptr, aecm->aecmCore->channelStored, size_bytes); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/agc_manager_direct.cc:92:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). : file_(fopen(filename, "wb")) { data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:232:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_speech, &in_mic[0][i * 16], 16 * sizeof(short)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:1218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stt->env[0], stt->env[1], 10 * sizeof(int32_t)); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:1219:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stt->Rxx16w32_array[0], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:1321:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stt->fpt = fopen("./agc_test_log.txt", "wt"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:1322:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stt->agcLog = fopen("./agc_debug_log.txt", "wt"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/analog_agc.c:1323:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stt->digitalAgc.logFile = fopen("./agc_log.txt", "wt"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/agc/legacy/digital_agc.c:336:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out[i], in_near[i], 10 * L * sizeof(in_near[i][0])); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_buffer.cc:447:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(low_pass_reference_channels_->channels()[i], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_processing_impl.cc:905:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char filename[AudioProcessing::kMaxFilenameSize]) { data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/audio_processing_impl.h:105:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int StartDebugRecording(const char filename[kMaxFilenameSize]) override; data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/echo_control_mobile_impl.cc:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(external_echo_path_, echo_path, size_bytes); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/include/audio_processing.h:409:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virtual int StartDebugRecording(const char filename[kMaxFilenameSize]) = 0; data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/intelligibility/intelligibility_enhancer.cc:142:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(audio[i], temp_render_out_buffer_.channels()[i], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging_file_handling.cc:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[64]; data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging_file_handling.cc:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[64]; data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/logging/aec_logging_file_handling.cc:54:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *file = fopen(filename, "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:862:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:866:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + buffer_length - frame_length, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:1180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->noise, noise, sizeof(*noise) * self->magnLen); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:1181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->magnPrevAnalyze, magn, sizeof(*magn) * self->magnLen); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:1310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->magnPrevProcess, magn, sizeof(*magn) * self->magnLen); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/ns_core.c:1311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->noisePrev, self->noise, sizeof(self->noise[0]) * self->magnLen); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:516:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->synthesisBuffer, inst->synthesisBuffer + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:529:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->analysisBuffer, inst->analysisBuffer + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:531:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->analysisBuffer + inst->anaLen - inst->blockLen10ms, new_speech, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:748:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->infile = fopen("indebug.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:749:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->outfile = fopen("outdebug.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:750:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->file1 = fopen("file1.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:751:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->file2 = fopen("file2.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:752:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->file3 = fopen("file3.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:753:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->file4 = fopen("file4.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:754:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inst->file5 = fopen("file5.pcm", "wb"); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:1445:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->synthesisBuffer, inst->synthesisBuffer + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:1581:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->dataBufHBFX[i], inst->dataBufHBFX[i] + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:1583:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->dataBufHBFX[i] + block_shift, speechFrameHB[i], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:2043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->dataBufHBFX[i], inst->dataBufHBFX[i] + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core.c:2045:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->dataBufHBFX[i] + inst->anaLen - inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_mips.c:345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->analysisBuffer, inst->analysisBuffer + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_mips.c:347:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->analysisBuffer + inst->anaLen - inst->blockLen10ms, new_speech, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/ns/nsx_core_mips.c:748:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->synthesisBuffer, inst->synthesisBuffer + inst->blockLen10ms, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/click_annotate.cc:57:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int chunk_size_ms = atoi(argv[3]); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/click_annotate.cc:63:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int sample_rate_hz = atoi(argv[4]); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_suppressor.cc:221:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[i * data_length_], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/transient_suppressor.cc:346:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in_buffer_[buffer_delay_ + i * analysis_length_], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/transient/wpd_node.cc:67:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_.get(), new_data, length * sizeof(data_[0])); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.cc:42:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(numerator_coefficients_, numerator_coefficients, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.cc:44:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(denominator_coefficients_, denominator_coefficients, data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.cc:92:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(past_input_, &in[num_input_samples - order_numerator_], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/pole_zero_filter.cc:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(past_output_, &output[num_input_samples - order_denominator_], data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/standalone_vad.cc:55:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer_[index_], data, sizeof(int16_t) * length); data/webrtc-audio-processing-0.3/webrtc/modules/audio_processing/vad/vad_audio_proc.cc:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(audio_buffer_, &audio_buffer_[kNumSamplesToProcess], data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:324:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationOffset, src.fragmentationOffset, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:328:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationLength, src.fragmentationLength, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:332:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationTimeDiff, src.fragmentationTimeDiff, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:336:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationPlType, src.fragmentationPlType, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:354:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationOffset, oldOffsets, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:364:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationLength, oldLengths, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:374:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationTimeDiff, oldTimeDiffs, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:384:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragmentationPlType, oldTimePlTypes, data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:597:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_, data, sizeof(int16_t) * length); data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:621:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_, src.data_, sizeof(int16_t) * length); data/webrtc-audio-processing-0.3/webrtc/modules/interface/module_common_types.h:701:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_, rhs.data_, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/include/trace.h:64:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int32_t TraceFile(char file_name[1024]); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/aligned_malloc.cc:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header_pointer, &memory_start, sizeof(uintptr_t)); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file_name_utf8, file_name_utf8_, length); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:115:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wide_file_name[kMaxFileNameSize]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:118:3: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_UTF8, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:140:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_id = fopen(file_name_utf8, "rt"); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:142:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_id = fopen(file_name_utf8, "wt"); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:146:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_id = fopen(file_name_utf8, "rb"); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:148:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_id = fopen(file_name_utf8, "wb"); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file_name_utf8_, file_name_utf8, length + 1); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.h:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_utf8_[kMaxFileNameSize]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:81:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. return sprintf(trace_message, "%10u; ", thread_id); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:93:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "STATEINFO ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:96:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "WARNING ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:99:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "ERROR ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:102:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "CRITICAL ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:105:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "DEBUGINFO ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:108:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "MODULECALL; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:111:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "MEMORY ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:114:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "TIMER ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:117:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "STREAM ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:120:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "APICALL ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:123:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sz_message, "DEBUG ; "); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:153:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VOICE:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VIDEO:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:161:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " UTILITY:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:165:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " RTP/RTCP:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:169:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " TRANSPORT:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:173:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "AUDIO CODING:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:177:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " SRTP:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:181:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO MIX/S:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:185:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO MIX/C:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:189:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO CODING:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:194:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VIDEO MIX:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:198:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " FILE:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:202:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO PROC:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:206:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "AUDIO DEVICE:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:210:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO RENDER:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:214:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO CAPTUR:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:218:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " BWE RBE:%5ld %5ld;", id_engine, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:230:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VOICE:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:233:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VIDEO:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:236:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " UTILITY:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:239:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " RTP/RTCP:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:242:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " TRANSPORT:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:245:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "AUDIO CODING:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:248:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " SRTP:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:251:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO MIX/S:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:254:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO MIX/C:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:257:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO CODING:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:260:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " VIDEO MIX:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:263:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " FILE:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:266:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " AUDIO PROC:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:269:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "AUDIO DEVICE:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:272:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO RENDER:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:275:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "VIDEO CAPTUR:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:278:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, " BWE RBE:%11ld;", idl); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:296:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_with_counter_utf8[FileWrapper::kMaxFileNameSize]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_utf8[FileWrapper::kMaxFileNameSize]) { data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:328:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char msg[WEBRTC_TRACE_MAX_MESSAGE_SIZE], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:358:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char trace_message[WEBRTC_TRACE_MAX_MESSAGE_SIZE], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:379:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_file_name[FileWrapper::kMaxFileNameSize]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:380:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_file_name[FileWrapper::kMaxFileNameSize]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:396:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[WEBRTC_TRACE_MAX_MESSAGE_SIZE + 1]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_message[WEBRTC_TRACE_MAX_MESSAGE_SIZE]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trace_message, msg, length); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:417:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char msg[WEBRTC_TRACE_MAX_MESSAGE_SIZE]) { data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_message[WEBRTC_TRACE_MAX_MESSAGE_SIZE]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:464:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char file_name_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_with_counter_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:492:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file_name_with_counter_utf8, file_name_utf8, length_to_); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:500:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char file_name_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_with_counter_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:519:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file_name_with_counter_utf8, file_name_utf8, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:538:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int32_t Trace::TraceFile(char file_name[FileWrapper::kMaxFileNameSize]) { data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:585:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buff[WEBRTC_TRACE_MAX_MESSAGE_SIZE]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:43:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int32_t TraceFileImpl(char file_name[FileWrapper::kMaxFileNameSize]); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:75:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char msg[WEBRTC_TRACE_MAX_MESSAGE_SIZE], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:79:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char trace_message[WEBRTC_TRACE_MAX_MESSAGE_SIZE], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:84:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char file_name_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_with_counter_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:89:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char file_name_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.h:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name_with_counter_utf8[FileWrapper::kMaxFileNameSize], data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.cc:67:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "(%2u:%2u:%2u:%3u |%5lu) ", system_time->tm_hour, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.cc:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[26]; // man ctime says buffer should have room for >=26 bytes. data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:48:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "(%2u:%2u:%2u:%3u |%5u) ", system_time.wHour, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:65:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "(%2u:%2u:%2u:%3u |%5u) ", system_time.wHour, data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:79:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR sz_date_str[20]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:80:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR sz_time_str[20]; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(trace_message, "Local Date: %ls Local Time: %ls", sz_date_str, data/webrtc-audio-processing-0.3/webrtc/base/platform_thread.cc:61:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RTC_DCHECK(strlen(name) < 64); data/webrtc-audio-processing-0.3/webrtc/base/stringutils.cc:105:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp(s1, s2, strlen(s2)) == 0; data/webrtc-audio-processing-0.3/webrtc/base/stringutils.cc:109:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t s1_length = strlen(s1); data/webrtc-audio-processing-0.3/webrtc/base/stringutils.cc:110:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t s2_length = strlen(s2); data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:75:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inline size_t strlen(const wchar_t* s) { data/webrtc-audio-processing-0.3/webrtc/base/stringutils.h:76:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return wcslen(s); data/webrtc-audio-processing-0.3/webrtc/common_audio/audio_ring_buffer.cc:45:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). RTC_CHECK_EQ(read, frames); data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:74:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). RTC_CHECK_LE(read, num_samples_remaining_); data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:75:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). num_samples_remaining_ -= rtc::checked_cast<uint32_t>(read); data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:82:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/webrtc-audio-processing-0.3/webrtc/common_audio/wav_file.cc:96:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:77:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ReadLockScoped read(*rw_lock_); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:78:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(file_name_utf8_); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:97:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ReadLockScoped read(*rw_lock_); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/file_impl.cc:106:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(file_name_utf8); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:467:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t length = (int32_t)strlen(file_name_utf8); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_impl.cc:503:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t length = (int32_t)strlen(file_name_utf8); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_posix.cc:79:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32_t len = static_cast<int32_t>(strlen(trace_message)); data/webrtc-audio-processing-0.3/webrtc/system_wrappers/source/trace_win.cc:94:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return static_cast<int32_t>(strlen(trace_message) + 1); ANALYSIS SUMMARY: Hits = 313 Lines analyzed = 76839 in approximately 1.98 seconds (38870 lines/second) Physical Source Lines of Code (SLOC) = 49713 Hits@level = [0] 42 [1] 19 [2] 279 [3] 6 [4] 9 [5] 0 Hits@level+ = [0+] 355 [1+] 313 [2+] 294 [3+] 15 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 7.14099 [1+] 6.29614 [2+] 5.91395 [3+] 0.301732 [4+] 0.181039 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.