Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zyn-1+git.20100609+dfsg0/lfo_parameters.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam.c
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_amp_envelope.cpp
Examining data/zyn-1+git.20100609+dfsg0/log.c
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_lfo.cpp
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_voice_globals.cpp
Examining data/zyn-1+git.20100609+dfsg0/addnote.h
Examining data/zyn-1+git.20100609+dfsg0/resonance.h
Examining data/zyn-1+git.20100609+dfsg0/oscillator.h
Examining data/zyn-1+git.20100609+dfsg0/portamento.c
Examining data/zyn-1+git.20100609+dfsg0/fft.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd.c
Examining data/zyn-1+git.20100609+dfsg0/filter_common.h
Examining data/zyn-1+git.20100609+dfsg0/oscillator_access.c
Examining data/zyn-1+git.20100609+dfsg0/envelope_parameters.cpp
Examining data/zyn-1+git.20100609+dfsg0/addnote.cpp
Examining data/zyn-1+git.20100609+dfsg0/addsynth_internal.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_amp_globals.cpp
Examining data/zyn-1+git.20100609+dfsg0/lfo.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_filter_envelope.cpp
Examining data/zyn-1+git.20100609+dfsg0/formant_filter.cpp
Examining data/zyn-1+git.20100609+dfsg0/analog_filter.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map_voice.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_frequency_globals.cpp
Examining data/zyn-1+git.20100609+dfsg0/filter_base.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_filter_globals.cpp
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_filter_formant.cpp
Examining data/zyn-1+git.20100609+dfsg0/zynadd.h
Examining data/zyn-1+git.20100609+dfsg0/lv2plugin.c
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_frequency_envelope.cpp
Examining data/zyn-1+git.20100609+dfsg0/filter_parameters.h
Examining data/zyn-1+git.20100609+dfsg0/globals.h
Examining data/zyn-1+git.20100609+dfsg0/sv_filter.cpp
Examining data/zyn-1+git.20100609+dfsg0/formant_filter.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_filter_analog.cpp
Examining data/zyn-1+git.20100609+dfsg0/lv2-midifunctions.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_internal.h
Examining data/zyn-1+git.20100609+dfsg0/filter_sv.h
Examining data/zyn-1+git.20100609+dfsg0/envelope.h
Examining data/zyn-1+git.20100609+dfsg0/util.c
Examining data/zyn-1+git.20100609+dfsg0/filter_sv.c
Examining data/zyn-1+git.20100609+dfsg0/log.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_value_changed_callbacks.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.h
Examining data/zyn-1+git.20100609+dfsg0/common.h
Examining data/zyn-1+git.20100609+dfsg0/portamento.h
Examining data/zyn-1+git.20100609+dfsg0/util.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth.cpp
Examining data/zyn-1+git.20100609+dfsg0/lfo.cpp
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_value_changed_callbacks.c
Examining data/zyn-1+git.20100609+dfsg0/fft.c
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map_top.c
Examining data/zyn-1+git.20100609+dfsg0/filter.cpp
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map_voice.c
Examining data/zyn-1+git.20100609+dfsg0/list.h
Examining data/zyn-1+git.20100609+dfsg0/sv_filter.h
Examining data/zyn-1+git.20100609+dfsg0/envelope_parameters.h
Examining data/zyn-1+git.20100609+dfsg0/oscillator.c
Examining data/zyn-1+git.20100609+dfsg0/lv2plugin.h
Examining data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map_top.h
Examining data/zyn-1+git.20100609+dfsg0/lv2-miditype.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component.h
Examining data/zyn-1+git.20100609+dfsg0/addsynth_component_filter_sv.cpp
Examining data/zyn-1+git.20100609+dfsg0/resonance.cpp
Examining data/zyn-1+git.20100609+dfsg0/filter_parameters.cpp
Examining data/zyn-1+git.20100609+dfsg0/envelope.cpp
Examining data/zyn-1+git.20100609+dfsg0/analog_filter.cpp
Examining data/zyn-1+git.20100609+dfsg0/filter.h

FINAL RESULTS:

data/zyn-1+git.20100609+dfsg0/log.c:33:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vprintf(format, arglist);
data/zyn-1+git.20100609+dfsg0/oscillator.c:1795:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(oscillator_ptr->randseed);
data/zyn-1+git.20100609+dfsg0/oscillator.c:1825:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(realrnd + 1);
data/zyn-1+git.20100609+dfsg0/envelope_parameters.h:103:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char Penvdt[MAX_ENVELOPE_POINTS];
data/zyn-1+git.20100609+dfsg0/envelope_parameters.h:105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char m_values_params[MAX_ENVELOPE_POINTS];
data/zyn-1+git.20100609+dfsg0/oscillator.h:36:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char Phmag[MAX_AD_HARMONICS],Phphase[MAX_AD_HARMONICS];//the MIDI parameters for mag. and phases
data/zyn-1+git.20100609+dfsg0/resonance.h:30:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char points[N_RES_POINTS]; // how many points define the resonance function
data/zyn-1+git.20100609+dfsg0/zynadd.c:235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((float *)(zynadd_ptr->ports[LV2_PORT_OUTPUT_LEFT]) + now, zynadd_ptr->synth_output_left, fill * sizeof(float));
data/zyn-1+git.20100609+dfsg0/zynadd.c:236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((float *)(zynadd_ptr->ports[LV2_PORT_OUTPUT_RIGHT]) + now, zynadd_ptr->synth_output_right, fill * sizeof(float));
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam.c:394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char voice_group_names[VOICES_COUNT][20];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam.c:432:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(voice_group_names[i], "Voice %u", i + 1);
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:36:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_shape_names[ZYN_LFO_SHAPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:37:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_analog_filter_type_names[ZYN_FILTER_ANALOG_TYPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:38:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_sv_filter_type_names[ZYN_FILTER_SV_TYPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:39:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_filter_type_names[ZYN_FILTER_TYPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:40:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_oscillator_base_function_names[ZYN_OSCILLATOR_BASE_FUNCTIONS_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:41:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_oscillator_waveshape_type_names[ZYN_OSCILLATOR_WAVESHAPE_TYPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.c:42:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * g_oscillator_spectrum_adjust_type_names[ZYN_OSCILLATOR_SPECTRUM_ADJUST_TYPES_COUNT];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.h:197:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * hint_names[ZYN_MAX_HINTS];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.h:198:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * hint_values[ZYN_MAX_HINTS];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.h:207:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * hint_names[ZYN_MAX_HINTS];
data/zyn-1+git.20100609+dfsg0/zynadd_dynparam_forest_map.h:208:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * hint_values[ZYN_MAX_HINTS];

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 16290 in approximately 0.36 seconds (44908 lines/second)
Physical Source Lines of Code (SLOC) = 11255
Hits@level = [0]   0 [1]   0 [2]  19 [3]   2 [4]   1 [5]   0
Hits@level+ = [0+]  22 [1+]  22 [2+]  22 [3+]   3 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.95469 [1+] 1.95469 [2+] 1.95469 [3+] 0.266548 [4+] 0.0888494 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.