Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zita-resampler-1.6.2/apps/dither.cc
Examining data/zita-resampler-1.6.2/apps/audiofile.cc
Examining data/zita-resampler-1.6.2/apps/zresample.cc
Examining data/zita-resampler-1.6.2/apps/audiofile.h
Examining data/zita-resampler-1.6.2/apps/zretune.cc
Examining data/zita-resampler-1.6.2/apps/dither.h
Examining data/zita-resampler-1.6.2/source/zita-resampler/resampler-table.h
Examining data/zita-resampler-1.6.2/source/zita-resampler/vresampler.h
Examining data/zita-resampler-1.6.2/source/zita-resampler/resampler.h
Examining data/zita-resampler-1.6.2/source/zita-resampler/cresampler.h
Examining data/zita-resampler-1.6.2/source/cresampler.cc
Examining data/zita-resampler-1.6.2/source/resampler-table.cc
Examining data/zita-resampler-1.6.2/source/resampler.cc
Examining data/zita-resampler-1.6.2/source/vresampler.cc
FINAL RESULTS:
data/zita-resampler-1.6.2/apps/zresample.cc:86:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((k = getopt_long (ac, av, "", options, 0)) != -1)
data/zita-resampler-1.6.2/apps/zretune.cc:83:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((k = getopt_long (ac, av, "", options, 0)) != -1)
data/zita-resampler-1.6.2/source/cresampler.cc:177:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (_buff, pb, (4 - nr) * _nchan * sizeof (float));
data/zita-resampler-1.6.2/source/resampler.cc:387:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (_buff, p1, n * sizeof (float));
data/zita-resampler-1.6.2/source/vresampler.cc:434:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (_buff, p1, n * sizeof (float));
data/zita-resampler-1.6.2/apps/audiofile.cc:254:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Audiofile::read (float *data, uint64_t frames)
data/zita-resampler-1.6.2/apps/audiofile.h:110:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read (float *data, uint64_t frames);
data/zita-resampler-1.6.2/apps/zresample.cc:250:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
k = Ainp.read (inpb, BUFFSIZE);
data/zita-resampler-1.6.2/apps/zresample.cc:284:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
k = Ainp.read (inpb, BUFFSIZE);
data/zita-resampler-1.6.2/apps/zretune.cc:224:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
k = Ainp.read (inpb, BUFFSIZE);
data/zita-resampler-1.6.2/apps/zretune.cc:254:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
k = Ainp.read (inpb, BUFFSIZE);
ANALYSIS SUMMARY:
Hits = 11
Lines analyzed = 2727 in approximately 0.06 seconds (45780 lines/second)
Physical Source Lines of Code (SLOC) = 2037
Hits@level = [0] 46 [1] 6 [2] 3 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 57 [1+] 11 [2+] 5 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 27.9823 [1+] 5.4001 [2+] 2.45459 [3+] 0.981836 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.