Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice_render.c
Examining data/wsynth-dssi-0.1.3/src/gtkknob.c
Examining data/wsynth-dssi-0.1.3/src/gtkknob.h
Examining data/wsynth-dssi-0.1.3/src/gui_images.c
Examining data/wsynth-dssi-0.1.3/src/gui_images.h
Examining data/wsynth-dssi-0.1.3/src/wavetable.h
Examining data/wsynth-dssi-0.1.3/src/gui_callbacks.c
Examining data/wsynth-dssi-0.1.3/src/gui_callbacks.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_synth.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_synth.h
Examining data/wsynth-dssi-0.1.3/src/gui_friendly_patches.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_types.h
Examining data/wsynth-dssi-0.1.3/src/xsynth-dssi.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_voice.h
Examining data/wsynth-dssi-0.1.3/src/gui_data.c
Examining data/wsynth-dssi-0.1.3/src/gui_data.h
Examining data/wsynth-dssi-0.1.3/src/xsynth.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_ports.c
Examining data/wsynth-dssi-0.1.3/src/xsynth_ports.h
Examining data/wsynth-dssi-0.1.3/src/gui_interface.c
Examining data/wsynth-dssi-0.1.3/src/gui_interface.h
Examining data/wsynth-dssi-0.1.3/src/gui_main.c
Examining data/wsynth-dssi-0.1.3/src/gui_main.h
Examining data/wsynth-dssi-0.1.3/src/xsynth_data.c

FINAL RESULTS:

data/wsynth-dssi-0.1.3/src/gui_interface.c:1590:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s - Load Patch Bank", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1632:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s - Save Patch Bank", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1678:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s Notice", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1753:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s Load Position", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1882:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s Save Range", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:2054:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(title, "%s Edit Save Position", tag);

data/wsynth-dssi-0.1.3/src/gui_interface.c:2176:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(tag, instance_tag);

data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:253:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buffer, 256, fmt, args);

data/wsynth-dssi-0.1.3/src/xsynth.h:49:62:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    #define XDB_MESSAGE(type, fmt...) { if (XSYNTH_DEBUG & type) fprintf(stderr, "wsynth-dssi.so" fmt); }

data/wsynth-dssi-0.1.3/src/xsynth.h:50:62:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    #define GDB_MESSAGE(type, fmt...) { if (XSYNTH_DEBUG & type) fprintf(stderr, "Wsynth_gtk" fmt); }

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:85:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[PATH_MAX];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:446:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char midi[4];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[4];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[4];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:863:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int poly = atoi(value);

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:931:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int range = atoi(value);

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char number[4], name[31];

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *data[2] = { number, name };

data/wsynth-dssi-0.1.3/src/gui_data.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[20];

data/wsynth-dssi-0.1.3/src/gui_data.c:119:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fh = fopen(filename, "wb")) == NULL) {

data/wsynth-dssi-0.1.3/src/gui_data.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[20];

data/wsynth-dssi-0.1.3/src/gui_data.c:166:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fh = fopen(filename, "rb")) == NULL) {

data/wsynth-dssi-0.1.3/src/gui_data.c:206:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(patches, friendly_patches, friendly_patch_count * sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/gui_data.c:209:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&patches[i], &xsynth_init_voice, sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/gui_data.c:228:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(*ep, "%%%02x", patch->name[i]);

data/wsynth-dssi-0.1.3/src/gui_data.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char key[9];

data/wsynth-dssi-0.1.3/src/gui_data.c:272:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ep, "Xp0 ");

data/wsynth-dssi-0.1.3/src/gui_data.c:282:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ep, "end");

data/wsynth-dssi-0.1.3/src/gui_images.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char **waveform_xpms[7] = {

data/wsynth-dssi-0.1.3/src/gui_images.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char *names[8] = {

data/wsynth-dssi-0.1.3/src/gui_interface.c:2166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tag[50];

data/wsynth-dssi-0.1.3/src/gui_interface.c:2170:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(tag, "Wsynth-DSSI");

data/wsynth-dssi-0.1.3/src/gui_main.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[256];

data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[256];

data/wsynth-dssi-0.1.3/src/xsynth_data.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256], buf2[90];

data/wsynth-dssi-0.1.3/src/xsynth_data.c:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(patch, &tmp, sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/xsynth_data.c:258:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(patches, tmp, 32 * sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/xsynth_synth.c:462:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(synth->patches, friendly_patches, friendly_patch_count * sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/xsynth_synth.c:465:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&synth->patches[i], &xsynth_init_voice, sizeof(xsynth_patch_t));

data/wsynth-dssi-0.1.3/src/xsynth_synth.c:558:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int polyphony = atoi(value);

data/wsynth-dssi-0.1.3/src/xsynth_synth.c:617:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int range = atoi(value);

data/wsynth-dssi-0.1.3/src/xsynth_synth.h:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    signed char held_keys[8]; /* for monophonic key tracking, an array of note-ons, most recently received first */

data/wsynth-dssi-0.1.3/src/xsynth_synth.h:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char key_pressure[128];

data/wsynth-dssi-0.1.3/src/xsynth_synth.h:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char cc[128]; /* controller values */

data/wsynth-dssi-0.1.3/src/xsynth_voice.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[31];

data/wsynth-dssi-0.1.3/src/xsynth_voice_render.c:525:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(voice->osc_audio, voice->osc_audio + osc_index,

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:83:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (project_directory && strlen(project_directory)) {

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:84:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (project_directory[strlen(project_directory) - 1] != '/') {

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:829:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(patch->name, gtk_entry_get_text(GTK_ENTRY(name_entry)), 30);

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:832:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(patch->name);

data/wsynth-dssi-0.1.3/src/gui_callbacks.c:959:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(name, patches[i].name, 31);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1589:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 19);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1631:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 19);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1677:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 8);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1752:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 15);

data/wsynth-dssi-0.1.3/src/gui_interface.c:1881:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 12);

data/wsynth-dssi-0.1.3/src/gui_interface.c:2053:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    title = (char *) malloc(strlen(tag) + 20);

data/wsynth-dssi-0.1.3/src/gui_interface.c:2169:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(instance_tag) == 0) {

data/wsynth-dssi-0.1.3/src/gui_interface.c:2173:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(instance_tag) > 49) {

data/wsynth-dssi-0.1.3/src/gui_interface.c:2174:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(tag, 50, "...%s", instance_tag + strlen(instance_tag) - 46); /* hope the unique info is at the end */

data/wsynth-dssi-0.1.3/src/gui_interface.c:2179:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(instance_tag) > 37) {

data/wsynth-dssi-0.1.3/src/gui_interface.c:2181:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    instance_tag + strlen(instance_tag) - 34);

data/wsynth-dssi-0.1.3/src/gui_main.c:151:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(key) == 8 && !strncmp(key, "patches", 7) &&

data/wsynth-dssi-0.1.3/src/gui_main.c:316:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osc_self_url = osc_build_path(tmp_url, (strlen(path) > 1 ? path + 1 : path));

data/wsynth-dssi-0.1.3/src/xsynth-dssi.c:268:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(key) == 8 && !strncmp(key, "patches", 7)) {

data/wsynth-dssi-0.1.3/src/xsynth_data.c:99:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    if (sscanf(buf, " name %90s", buf2) != 1) return 0;

data/wsynth-dssi-0.1.3/src/xsynth_data.c:176:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    if (sscanf(buf, " xsynth-dssi patch %3s", buf2) != 1) return 0;

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 8908 in approximately 0.33 seconds (26966 lines/second)
Physical Source Lines of Code (SLOC) = 6540
Hits@level = [0]  57 [1]  21 [2]  37 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+] 125 [1+]  68 [2+]  47 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 19.1131 [1+] 10.3976 [2+] 7.18654 [3+] 1.52905 [4+] 1.52905 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.