COMMAND : flawfinder -SQ Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:66: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:373: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:374: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:376: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:615: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:618: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:622: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:1254: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:1277: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2096: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2147: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2223: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2226: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2377: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2379: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:2942: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:3049: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:3444: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:3485: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:3486: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbaudio.c:3498: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 21 Lines analyzed = 3772 in 0.76 seconds (14749 lines/second) Physical Source Lines of Code (SLOC) = 2864 Hits@level = [0] 0 [1] 0 [2] 21 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 21 [1+] 21 [2+] 21 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.3324 [1+] 7.3324 [2+] 7.3324 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 249 in 0.52 seconds (13723 lines/second) Physical Source Lines of Code (SLOC) = 137 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usX2Yhwdep.c:143: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usX2Yhwdep.c:122: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usX2Yhwdep.c:277: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 280 in 0.52 seconds (14862 lines/second) Physical Source Lines of Code (SLOC) = 221 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 13.5747 [1+] 13.5747 [2+] 13.5747 [3+] 4.52489 [4+] 4.52489 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usx2yhwdeppcm.h:7: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usx2yhwdeppcm.h:8: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usx2yhwdeppcm.h:9: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 20 in 0.51 seconds (1761 lines/second) Physical Source Lines of Code (SLOC) = 19 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 157.895 [1+] 157.895 [2+] 157.895 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.c:357: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.c:204: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.c:220: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.c:355: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.c:356: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 5 Lines analyzed = 460 in 0.53 seconds (14799 lines/second) Physical Source Lines of Code (SLOC) = 277 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 18.0505 [1+] 18.0505 [2+] 18.0505 [3+] 3.61011 [4+] 3.61011 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbus428ctldefs.h:55: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbus428ctldefs.h:63: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 104 in 0.53 seconds (3142 lines/second) Physical Source Lines of Code (SLOC) = 75 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 26.6667 [1+] 26.6667 [2+] 26.6667 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usx2yhwdeppcm.c:770: [4] (format) sprintf: Potential format string problem. Make format string constant. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usx2yhwdeppcm.c:758: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 2 Lines analyzed = 793 in 0.54 seconds (21603 lines/second) Physical Source Lines of Code (SLOC) = 620 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.22581 [1+] 3.22581 [2+] 3.22581 [3+] 1.6129 [4+] 1.6129 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 51 in 0.52 seconds (2390 lines/second) Physical Source Lines of Code (SLOC) = 20 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2y.h:29: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 83 in 0.51 seconds (6382 lines/second) Physical Source Lines of Code (SLOC) = 65 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 15.3846 [1+] 15.3846 [2+] 15.3846 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:988: [4] (format) sprintf: Potential format string problem. Make format string constant. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:95: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:96: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:98: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:157: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usx2y/usbusx2yaudio.c:159: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 6 Lines analyzed = 1024 in 0.55 seconds (21608 lines/second) Physical Source Lines of Code (SLOC) = 830 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 7.22892 [1+] 7.22892 [2+] 7.22892 [3+] 1.20482 [4+] 1.20482 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 6 in 0.51 seconds (539 lines/second) Physical Source Lines of Code (SLOC) = 4 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:70: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:79: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:80: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:81: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:97: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.h:102: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 8 Lines analyzed = 128 in 0.51 seconds (8958 lines/second) Physical Source Lines of Code (SLOC) = 100 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 80 [1+] 80 [2+] 80 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 6 in 0.51 seconds (432 lines/second) Physical Source Lines of Code (SLOC) = 4 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:420: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:421: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:135: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:161: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:194: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:205: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:249: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:257: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-device.c:423: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 9 Lines analyzed = 506 in 0.53 seconds (19939 lines/second) Physical Source Lines of Code (SLOC) = 397 Hits@level = [0] 0 [1] 1 [2] 6 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 8 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 22.67 [1+] 22.67 [2+] 20.1511 [3+] 5.03778 [4+] 5.03778 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 315 in 0.52 seconds (14145 lines/second) Physical Source Lines of Code (SLOC) = 256 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 8 in 0.52 seconds (517 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 7 in 0.51 seconds (619 lines/second) Physical Source Lines of Code (SLOC) = 5 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-audio.c:627: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-audio.c:632: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 697 in 0.56 seconds (11821 lines/second) Physical Source Lines of Code (SLOC) = 553 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.61664 [1+] 3.61664 [2+] 3.61664 [3+] 1.80832 [4+] 1.80832 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-input.c:279: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-input.c:291: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-input.c:302: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-input.c:318: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 4 Lines analyzed = 363 in 0.52 seconds (16183 lines/second) Physical Source Lines of Code (SLOC) = 292 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 13.6986 [1+] 13.6986 [2+] 13.6986 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/caiaq/caiaq-midi.c:139: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 176 in 0.52 seconds (7587 lines/second) Physical Source Lines of Code (SLOC) = 120 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 8.33333 [1+] 8.33333 [2+] 8.33333 [3+] 8.33333 [4+] 8.33333 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 8 in 0.51 seconds (653 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:569: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:958: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:1397: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:352: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:389: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:544: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:546: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:548: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:550: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:552: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:558: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:560: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:562: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:564: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:1098: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:1539: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:2023: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:570: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:940: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmixer.c:1864: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 20 Lines analyzed = 2075 in 0.60 seconds (20502 lines/second) Physical Source Lines of Code (SLOC) = 1629 Hits@level = [0] 0 [1] 3 [2] 14 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 20 [1+] 20 [2+] 17 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 12.2775 [1+] 12.2775 [2+] 10.4359 [3+] 1.84162 [4+] 1.84162 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 316 in 0.52 seconds (13703 lines/second) Physical Source Lines of Code (SLOC) = 163 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmidi.c:1269: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmidi.c:1632: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmidi.c:1718: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmidi.c:1727: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/usb/usbmidi.c:1741: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 5 Lines analyzed = 1792 in 0.70 seconds (9126 lines/second) Physical Source Lines of Code (SLOC) = 1396 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 3.58166 [1+] 3.58166 [2+] 3.58166 [3+] 1.43266 [4+] 1.43266 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1945 in 0.62 seconds (15762 lines/second) Physical Source Lines of Code (SLOC) = 1758 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 208 in 0.52 seconds (12916 lines/second) Physical Source Lines of Code (SLOC) = 127 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_synth.c:629: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_synth.c:697: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_synth.c:713: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_synth.c:729: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 976 in 0.69 seconds (5262 lines/second) Physical Source Lines of Code (SLOC) = 698 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.73066 [1+] 5.73066 [2+] 5.73066 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 191 in 0.55 seconds (3731 lines/second) Physical Source Lines of Code (SLOC) = 125 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 310 in 0.52 seconds (14405 lines/second) Physical Source Lines of Code (SLOC) = 230 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 96 in 0.53 seconds (3799 lines/second) Physical Source Lines of Code (SLOC) = 55 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_seq.c:99: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_seq.c:365: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_seq.c:72: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 398 in 0.55 seconds (8494 lines/second) Physical Source Lines of Code (SLOC) = 259 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 11.583 [1+] 11.583 [2+] 11.583 [3+] 7.72201 [4+] 7.72201 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/soundfont.c:295: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 1 Lines analyzed = 1489 in 0.66 seconds (9283 lines/second) Physical Source Lines of Code (SLOC) = 1042 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.959693 [1+] 0.959693 [2+] 0.959693 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_hwdep.c:147: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 171 in 0.52 seconds (10440 lines/second) Physical Source Lines of Code (SLOC) = 107 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 9.34579 [1+] 9.34579 [2+] 9.34579 [3+] 9.34579 [4+] 9.34579 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_proc.c:111: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_proc.c:113: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 2 Lines analyzed = 133 in 0.52 seconds (6246 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 19.2308 [1+] 19.2308 [2+] 19.2308 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 396 in 0.52 seconds (16513 lines/second) Physical Source Lines of Code (SLOC) = 271 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_oss.c:76: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_oss.c:130: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/synth/emux/emux_oss.c:114: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 502 in 0.58 seconds (6054 lines/second) Physical Source Lines of Code (SLOC) = 351 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 8.54701 [1+] 8.54701 [2+] 8.54701 [3+] 5.69801 [4+] 5.69801 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:577: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:754: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:755: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:756: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:55: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:595: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/portman2x4.c:603: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 7 Lines analyzed = 877 in 0.54 seconds (20950 lines/second) Physical Source Lines of Code (SLOC) = 512 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 13.6719 [1+] 13.6719 [2+] 13.6719 [3+] 7.8125 [4+] 7.8125 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:616: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:791: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:965: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:966: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:967: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:36: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:605: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:809: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:819: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mts64.c:822: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 10 Lines analyzed = 1088 in 0.55 seconds (23177 lines/second) Physical Source Lines of Code (SLOC) = 756 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 10 [1+] 10 [2+] 10 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 13.2275 [1+] 13.2275 [2+] 13.2275 [3+] 6.61376 [4+] 6.61376 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 214 in 0.52 seconds (10029 lines/second) Physical Source Lines of Code (SLOC) = 145 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl4/opl4_mixer.c:87: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. Hits = 1 Lines analyzed = 95 in 0.52 seconds (4383 lines/second) Physical Source Lines of Code (SLOC) = 67 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 14.9254 [1+] 14.9254 [2+] 14.9254 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl4/yrw801.c:38: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 961 in 0.81 seconds (3081 lines/second) Physical Source Lines of Code (SLOC) = 917 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.09051 [1+] 1.09051 [2+] 1.09051 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl4/opl4_synth.c:251: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 634 in 0.54 seconds (14806 lines/second) Physical Source Lines of Code (SLOC) = 510 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.96078 [1+] 1.96078 [2+] 1.96078 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl4/opl4_lib.c:166: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 1 Lines analyzed = 279 in 0.52 seconds (14257 lines/second) Physical Source Lines of Code (SLOC) = 209 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 4.78469 [1+] 4.78469 [2+] 4.78469 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 165 in 0.52 seconds (9735 lines/second) Physical Source Lines of Code (SLOC) = 129 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 232 in 0.52 seconds (11650 lines/second) Physical Source Lines of Code (SLOC) = 135 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 14 in 0.51 seconds (988 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp.c:124: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp.c:125: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp.c:126: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 239 in 0.52 seconds (14254 lines/second) Physical Source Lines of Code (SLOC) = 191 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 15.7068 [1+] 15.7068 [2+] 15.7068 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp_mixer.c:53: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp_mixer.c:141: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 2 Lines analyzed = 144 in 0.54 seconds (3307 lines/second) Physical Source Lines of Code (SLOC) = 121 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 16.5289 [1+] 16.5289 [2+] 16.5289 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 84 in 0.53 seconds (3354 lines/second) Physical Source Lines of Code (SLOC) = 61 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/pcsp/pcsp_lib.c:311: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 1 Lines analyzed = 320 in 0.55 seconds (6003 lines/second) Physical Source Lines of Code (SLOC) = 257 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.89105 [1+] 3.89105 [2+] 3.89105 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 116 in 0.51 seconds (8180 lines/second) Physical Source Lines of Code (SLOC) = 78 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:625: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:627: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:629: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:631: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:633: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:670: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:722: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:723: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mtpav.c:724: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 9 Lines analyzed = 790 in 0.54 seconds (20764 lines/second) Physical Source Lines of Code (SLOC) = 518 Hits@level = [0] 0 [1] 1 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 17.3745 [1+] 17.3745 [2+] 15.444 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:144: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:444: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:570: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:602: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:603: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/dummy.c:604: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 6 Lines analyzed = 706 in 0.55 seconds (14522 lines/second) Physical Source Lines of Code (SLOC) = 597 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 10.0503 [1+] 10.0503 [2+] 10.0503 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:960: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:156: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:159: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:868: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:887: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:943: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/serial-u16550.c:944: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 8 Lines analyzed = 1049 in 0.63 seconds (8117 lines/second) Physical Source Lines of Code (SLOC) = 773 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 10.3493 [1+] 10.3493 [2+] 10.3493 [3+] 1.29366 [4+] 1.29366 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 573 in 0.53 seconds (19651 lines/second) Physical Source Lines of Code (SLOC) = 405 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 52 in 0.51 seconds (3939 lines/second) Physical Source Lines of Code (SLOC) = 23 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_synth.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 613 in 0.59 seconds (7104 lines/second) Physical Source Lines of Code (SLOC) = 395 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.53165 [1+] 2.53165 [2+] 2.53165 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:506: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:533: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:38: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:260: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:280: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:503: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:509: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:513: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_lib.c:517: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 9 Lines analyzed = 558 in 0.55 seconds (11941 lines/second) Physical Source Lines of Code (SLOC) = 395 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 22.7848 [1+] 22.7848 [2+] 22.7848 [3+] 5.06329 [4+] 5.06329 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_drums.c:24: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_drums.c:26: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 226 in 0.52 seconds (11636 lines/second) Physical Source Lines of Code (SLOC) = 145 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 13.7931 [1+] 13.7931 [2+] 13.7931 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_seq.c:175: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_seq.c:194: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_seq.c:222: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_seq.c:235: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 297 in 0.56 seconds (5357 lines/second) Physical Source Lines of Code (SLOC) = 217 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 18.4332 [1+] 18.4332 [2+] 18.4332 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_midi.c:28: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_midi.c:42: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_midi.c:148: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_midi.c:298: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 867 in 0.56 seconds (14535 lines/second) Physical Source Lines of Code (SLOC) = 598 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.68896 [1+] 6.68896 [2+] 6.68896 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_oss.c:79: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_oss.c:96: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_oss.c:206: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/opl3/opl3_oss.c:233: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 278 in 0.52 seconds (15680 lines/second) Physical Source Lines of Code (SLOC) = 189 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 21.164 [1+] 21.164 [2+] 21.164 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_core.c:796: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_core.c:797: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_core.c:55: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 819 in 0.84 seconds (2379 lines/second) Physical Source Lines of Code (SLOC) = 511 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 5.87084 [1+] 5.87084 [2+] 5.87084 [3+] 3.91389 [4+] 3.91389 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:73: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:145: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:249: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_hwdep.c:135: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 6 Lines analyzed = 268 in 0.52 seconds (12936 lines/second) Physical Source Lines of Code (SLOC) = 204 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 29.4118 [1+] 29.4118 [2+] 29.4118 [3+] 14.7059 [4+] 14.7059 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 108 in 0.52 seconds (4565 lines/second) Physical Source Lines of Code (SLOC) = 73 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 246 in 0.52 seconds (14460 lines/second) Physical Source Lines of Code (SLOC) = 160 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 310 in 0.52 seconds (15713 lines/second) Physical Source Lines of Code (SLOC) = 176 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:491: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:497: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:554: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:941: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:1009: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:1016: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:477: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:480: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:545: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:939: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_mixer.c:999: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 11 Lines analyzed = 1027 in 0.55 seconds (19475 lines/second) Physical Source Lines of Code (SLOC) = 777 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 14.157 [1+] 14.157 [2+] 14.157 [3+] 7.72201 [4+] 7.72201 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/vx/vx_pcm.c:1322: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 1327 in 0.55 seconds (26258 lines/second) Physical Source Lines of Code (SLOC) = 823 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 1.21507 [1+] 1.21507 [2+] 1.21507 [3+] 1.21507 [4+] 1.21507 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/virmidi.c:65: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/virmidi.c:111: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/virmidi.c:115: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/virmidi.c:116: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/virmidi.c:117: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 5 Lines analyzed = 195 in 0.52 seconds (11313 lines/second) Physical Source Lines of Code (SLOC) = 127 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 39.3701 [1+] 39.3701 [2+] 39.3701 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:596: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:53: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:55: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:87: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:91: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:242: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:251: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:255: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:263: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:264: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:376: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:405: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401_uart.c:593: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 13 Lines analyzed = 631 in 0.53 seconds (19063 lines/second) Physical Source Lines of Code (SLOC) = 440 Hits@level = [0] 0 [1] 12 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 13 [1+] 13 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 29.5455 [1+] 29.5455 [2+] 2.27273 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:80: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:81: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:37: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:79: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:83: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:85: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/mpu401/mpu401.c:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 7 Lines analyzed = 289 in 0.53 seconds (11100 lines/second) Physical Source Lines of Code (SLOC) = 232 Hits@level = [0] 0 [1] 1 [2] 4 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 6 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 30.1724 [1+] 30.1724 [2+] 25.8621 [3+] 8.62069 [4+] 8.62069 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 140 in 0.57 seconds (1878 lines/second) Physical Source Lines of Code (SLOC) = 61 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/ml403-ac97cr.c:1305: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/ml403-ac97cr.c:1307: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/ml403-ac97cr.c:74: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/ml403-ac97cr.c:1258: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/drivers/ml403-ac97cr.c:1306: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 5 Lines analyzed = 1354 in 0.55 seconds (27545 lines/second) Physical Source Lines of Code (SLOC) = 1088 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 4.59559 [1+] 4.59559 [2+] 4.59559 [3+] 1.83824 [4+] 1.83824 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 79 in 0.52 seconds (4195 lines/second) Physical Source Lines of Code (SLOC) = 57 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 154 in 0.51 seconds (10948 lines/second) Physical Source Lines of Code (SLOC) = 120 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:782: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:995: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:640: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:776: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:872: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:993: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/parisc/harmony.c:994: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 7 Lines analyzed = 1042 in 0.57 seconds (15435 lines/second) Physical Source Lines of Code (SLOC) = 820 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 8.53659 [1+] 8.53659 [2+] 8.53659 [3+] 2.43902 [4+] 2.43902 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 119 in 0.51 seconds (8541 lines/second) Physical Source Lines of Code (SLOC) = 64 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:723: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:993: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:994: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:346: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:908: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:950: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:992: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/spi/at73c213.c:971: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 8 Lines analyzed = 1131 in 0.55 seconds (20633 lines/second) Physical Source Lines of Code (SLOC) = 859 Hits@level = [0] 0 [1] 1 [2] 4 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 7 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 9.31315 [1+] 9.31315 [2+] 8.14901 [3+] 3.49243 [4+] 3.49243 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 3 in 0.51 seconds (261 lines/second) Physical Source Lines of Code (SLOC) = 3 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/aaci.c:1008: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 1 Lines analyzed = 1206 in 0.55 seconds (25776 lines/second) Physical Source Lines of Code (SLOC) = 839 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.1919 [1+] 1.1919 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 80 in 0.52 seconds (4225 lines/second) Physical Source Lines of Code (SLOC) = 56 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/sa11xx-uda1341.c:817: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/sa11xx-uda1341.c:909: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/sa11xx-uda1341.c:910: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/sa11xx-uda1341.c:911: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 982 in 0.54 seconds (25910 lines/second) Physical Source Lines of Code (SLOC) = 670 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.97015 [1+] 5.97015 [2+] 5.97015 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/pxa2xx-ac97.c:351: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers. /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/pxa2xx-ac97.c:392: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/arm/pxa2xx-ac97.c:394: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 3 Lines analyzed = 471 in 0.52 seconds (20182 lines/second) Physical Source Lines of Code (SLOC) = 357 Hits@level = [0] 0 [1] 3 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.40336 [1+] 8.40336 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 29 in 0.51 seconds (2449 lines/second) Physical Source Lines of Code (SLOC) = 14 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 247 in 0.52 seconds (12669 lines/second) Physical Source Lines of Code (SLOC) = 163 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 367 in 0.52 seconds (18661 lines/second) Physical Source Lines of Code (SLOC) = 297 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-dapm.c:785: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-dapm.c:807: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-dapm.c:288: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-dapm.c:818: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-dapm.c:302: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 5 Lines analyzed = 1529 in 0.55 seconds (27875 lines/second) Physical Source Lines of Code (SLOC) = 1070 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 4.6729 [1+] 4.6729 [2+] 3.73832 [3+] 1.86916 [4+] 1.86916 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 522 in 0.53 seconds (18378 lines/second) Physical Source Lines of Code (SLOC) = 331 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 59 in 0.51 seconds (4716 lines/second) Physical Source Lines of Code (SLOC) = 32 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 849 in 0.54 seconds (21173 lines/second) Physical Source Lines of Code (SLOC) = 559 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 492 in 0.53 seconds (18594 lines/second) Physical Source Lines of Code (SLOC) = 330 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 79 in 0.51 seconds (5915 lines/second) Physical Source Lines of Code (SLOC) = 31 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 361 in 0.53 seconds (12962 lines/second) Physical Source Lines of Code (SLOC) = 291 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 22 in 0.51 seconds (1894 lines/second) Physical Source Lines of Code (SLOC) = 8 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 340 in 0.52 seconds (16582 lines/second) Physical Source Lines of Code (SLOC) = 240 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 102 in 0.52 seconds (4490 lines/second) Physical Source Lines of Code (SLOC) = 64 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 89 in 0.51 seconds (6817 lines/second) Physical Source Lines of Code (SLOC) = 58 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 292 in 0.52 seconds (16154 lines/second) Physical Source Lines of Code (SLOC) = 208 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 486 in 0.52 seconds (21160 lines/second) Physical Source Lines of Code (SLOC) = 382 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 384 in 0.52 seconds (18143 lines/second) Physical Source Lines of Code (SLOC) = 280 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 379 in 0.52 seconds (18455 lines/second) Physical Source Lines of Code (SLOC) = 273 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 20 in 0.51 seconds (1673 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 34 in 0.51 seconds (2845 lines/second) Physical Source Lines of Code (SLOC) = 17 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 370 in 0.52 seconds (19183 lines/second) Physical Source Lines of Code (SLOC) = 294 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 421 in 0.53 seconds (14844 lines/second) Physical Source Lines of Code (SLOC) = 313 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 53 in 0.51 seconds (3563 lines/second) Physical Source Lines of Code (SLOC) = 29 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 387 in 0.58 seconds (4554 lines/second) Physical Source Lines of Code (SLOC) = 273 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 414 in 0.52 seconds (18423 lines/second) Physical Source Lines of Code (SLOC) = 305 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 144 in 0.51 seconds (10286 lines/second) Physical Source Lines of Code (SLOC) = 107 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 103 in 0.52 seconds (6749 lines/second) Physical Source Lines of Code (SLOC) = 76 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1633 in 0.57 seconds (24955 lines/second) Physical Source Lines of Code (SLOC) = 1202 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1817 in 0.59 seconds (20408 lines/second) Physical Source Lines of Code (SLOC) = 1372 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 67 in 0.51 seconds (5418 lines/second) Physical Source Lines of Code (SLOC) = 46 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 732 in 0.53 seconds (24193 lines/second) Physical Source Lines of Code (SLOC) = 544 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1341 in 0.57 seconds (17991 lines/second) Physical Source Lines of Code (SLOC) = 959 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1023 in 0.54 seconds (23058 lines/second) Physical Source Lines of Code (SLOC) = 749 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 818 in 0.53 seconds (24995 lines/second) Physical Source Lines of Code (SLOC) = 619 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 14 in 0.51 seconds (1282 lines/second) Physical Source Lines of Code (SLOC) = 7 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/codecs/ac97.c:67: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 1 Lines analyzed = 180 in 0.51 seconds (12090 lines/second) Physical Source Lines of Code (SLOC) = 134 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.46269 [1+] 7.46269 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 44 in 0.51 seconds (3718 lines/second) Physical Source Lines of Code (SLOC) = 22 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 699 in 0.53 seconds (22498 lines/second) Physical Source Lines of Code (SLOC) = 525 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 765 in 0.55 seconds (14841 lines/second) Physical Source Lines of Code (SLOC) = 440 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/codecs/wm9713.c:628: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 1 Lines analyzed = 1299 in 0.56 seconds (20627 lines/second) Physical Source Lines of Code (SLOC) = 999 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.001 [1+] 1.001 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 89 in 0.52 seconds (5924 lines/second) Physical Source Lines of Code (SLOC) = 71 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 28 in 0.51 seconds (2154 lines/second) Physical Source Lines of Code (SLOC) = 5 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 46 in 0.51 seconds (3836 lines/second) Physical Source Lines of Code (SLOC) = 25 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 53 in 0.51 seconds (3876 lines/second) Physical Source Lines of Code (SLOC) = 31 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 842 in 0.61 seconds (7705 lines/second) Physical Source Lines of Code (SLOC) = 578 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 853 in 0.54 seconds (20524 lines/second) Physical Source Lines of Code (SLOC) = 645 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 126 in 0.51 seconds (8690 lines/second) Physical Source Lines of Code (SLOC) = 94 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/codecs/wm9712.c:467: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 1 Lines analyzed = 751 in 0.56 seconds (11630 lines/second) Physical Source Lines of Code (SLOC) = 589 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.69779 [1+] 1.69779 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 19 in 0.51 seconds (1630 lines/second) Physical Source Lines of Code (SLOC) = 5 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 234 in 0.52 seconds (12570 lines/second) Physical Source Lines of Code (SLOC) = 157 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 31 in 0.51 seconds (2436 lines/second) Physical Source Lines of Code (SLOC) = 14 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 483 in 0.52 seconds (21990 lines/second) Physical Source Lines of Code (SLOC) = 353 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 398 in 0.52 seconds (20876 lines/second) Physical Source Lines of Code (SLOC) = 316 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 37 in 0.51 seconds (2756 lines/second) Physical Source Lines of Code (SLOC) = 12 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 745 in 0.54 seconds (20741 lines/second) Physical Source Lines of Code (SLOC) = 546 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 85 in 0.51 seconds (6850 lines/second) Physical Source Lines of Code (SLOC) = 52 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 38 in 0.51 seconds (3150 lines/second) Physical Source Lines of Code (SLOC) = 17 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 31 in 0.51 seconds (2550 lines/second) Physical Source Lines of Code (SLOC) = 11 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 470 in 0.52 seconds (21476 lines/second) Physical Source Lines of Code (SLOC) = 337 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 32 in 0.51 seconds (2592 lines/second) Physical Source Lines of Code (SLOC) = 10 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 81 in 0.52 seconds (4315 lines/second) Physical Source Lines of Code (SLOC) = 52 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 744 in 0.53 seconds (24874 lines/second) Physical Source Lines of Code (SLOC) = 563 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 791 in 0.53 seconds (23883 lines/second) Physical Source Lines of Code (SLOC) = 564 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 27 in 0.51 seconds (2294 lines/second) Physical Source Lines of Code (SLOC) = 8 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 434 in 0.52 seconds (19565 lines/second) Physical Source Lines of Code (SLOC) = 326 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 72 in 0.51 seconds (5477 lines/second) Physical Source Lines of Code (SLOC) = 35 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 348 in 0.52 seconds (17804 lines/second) Physical Source Lines of Code (SLOC) = 222 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 91 in 0.51 seconds (7023 lines/second) Physical Source Lines of Code (SLOC) = 64 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 318 in 0.57 seconds (4413 lines/second) Physical Source Lines of Code (SLOC) = 247 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 353 in 0.53 seconds (12743 lines/second) Physical Source Lines of Code (SLOC) = 264 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 399 in 0.52 seconds (16108 lines/second) Physical Source Lines of Code (SLOC) = 305 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 201 in 0.52 seconds (12651 lines/second) Physical Source Lines of Code (SLOC) = 136 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 29 in 0.51 seconds (2468 lines/second) Physical Source Lines of Code (SLOC) = 14 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 17 in 0.51 seconds (1485 lines/second) Physical Source Lines of Code (SLOC) = 4 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 389 in 0.53 seconds (13931 lines/second) Physical Source Lines of Code (SLOC) = 300 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 409 in 0.52 seconds (19301 lines/second) Physical Source Lines of Code (SLOC) = 336 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:912: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:972: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1303: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1393: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:153: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:154: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:900: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:974: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1273: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:99: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:975: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1115: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1161: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/soc-core.c:1163: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 14 Lines analyzed = 1848 in 0.57 seconds (24660 lines/second) Physical Source Lines of Code (SLOC) = 1241 Hits@level = [0] 0 [1] 5 [2] 5 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 14 [1+] 14 [2+] 9 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 11.2812 [1+] 11.2812 [2+] 7.25222 [3+] 3.22321 [4+] 3.22321 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:80: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:600: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:601: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:602: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:603: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:604: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:605: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:606: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:607: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:608: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:609: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:610: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:611: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:612: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:613: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:614: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:615: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:616: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:617: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:618: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:619: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:620: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:644: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/soc/fsl/fsl_ssi.c:650: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 24 Lines analyzed = 697 in 0.53 seconds (20469 lines/second) Physical Source Lines of Code (SLOC) = 396 Hits@level = [0] 0 [1] 0 [2] 24 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 24 [1+] 24 [2+] 24 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 60.6061 [1+] 60.6061 [2+] 60.6061 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 149 in 0.52 seconds (9358 lines/second) Physical Source Lines of Code (SLOC) = 105 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 224 in 0.52 seconds (12403 lines/second) Physical Source Lines of Code (SLOC) = 179 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 621 in 0.53 seconds (21702 lines/second) Physical Source Lines of Code (SLOC) = 408 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 858 in 0.54 seconds (21546 lines/second) Physical Source Lines of Code (SLOC) = 430 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 49 in 0.51 seconds (3869 lines/second) Physical Source Lines of Code (SLOC) = 15 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 414 in 0.52 seconds (19480 lines/second) Physical Source Lines of Code (SLOC) = 310 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 35 in 0.51 seconds (2917 lines/second) Physical Source Lines of Code (SLOC) = 9 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 357 in 0.52 seconds (17664 lines/second) Physical Source Lines of Code (SLOC) = 261 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 390 in 0.52 seconds (18887 lines/second) Physical Source Lines of Code (SLOC) = 281 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:212: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:963: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:204: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:756: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:770: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:961: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/sgio2audio.c:962: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 7 Lines analyzed = 1006 in 0.54 seconds (26201 lines/second) Physical Source Lines of Code (SLOC) = 749 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 9.34579 [1+] 9.34579 [2+] 9.34579 [3+] 2.67023 [4+] 2.67023 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/au1x00.c:459: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/au1x00.c:670: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/au1x00.c:671: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/au1x00.c:672: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 691 in 0.53 seconds (22264 lines/second) Physical Source Lines of Code (SLOC) = 538 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.43494 [1+] 7.43494 [2+] 7.43494 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:905: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:602: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:696: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:745: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:903: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/hal2.c:904: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 6 Lines analyzed = 947 in 0.54 seconds (25276 lines/second) Physical Source Lines of Code (SLOC) = 745 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 8.05369 [1+] 8.05369 [2+] 8.05369 [3+] 1.34228 [4+] 1.34228 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 245 in 0.52 seconds (12168 lines/second) Physical Source Lines of Code (SLOC) = 124 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/ad1843.c:191: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/ad1843.c:205: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/ad1843.c:240: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/mips/ad1843.c:287: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 4 Lines analyzed = 561 in 0.54 seconds (15346 lines/second) Physical Source Lines of Code (SLOC) = 395 Hits@level = [0] 0 [1] 4 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 10.1266 [1+] 10.1266 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:800: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:1411: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:210: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:335: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:369: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:496: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:632: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/tumbler.c:792: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 8 Lines analyzed = 1488 in 0.56 seconds (25458 lines/second) Physical Source Lines of Code (SLOC) = 1228 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 6.51466 [1+] 6.51466 [2+] 6.51466 [3+] 1.62866 [4+] 1.62866 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 205 in 0.52 seconds (8382 lines/second) Physical Source Lines of Code (SLOC) = 131 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 283 in 0.52 seconds (13552 lines/second) Physical Source Lines of Code (SLOC) = 220 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 250 in 0.52 seconds (12593 lines/second) Physical Source Lines of Code (SLOC) = 230 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 210 in 0.52 seconds (12931 lines/second) Physical Source Lines of Code (SLOC) = 130 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 891 in 0.55 seconds (19252 lines/second) Physical Source Lines of Code (SLOC) = 272 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:73: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:81: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:89: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:90: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:91: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:99: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:100: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:107: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:71: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:72: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:79: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/powermac.c:80: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 12 Lines analyzed = 195 in 0.52 seconds (11313 lines/second) Physical Source Lines of Code (SLOC) = 145 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 82.7586 [1+] 82.7586 [2+] 82.7586 [3+] 55.1724 [4+] 55.1724 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/burgundy.c:681: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 1 Lines analyzed = 733 in 0.53 seconds (21355 lines/second) Physical Source Lines of Code (SLOC) = 603 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.65837 [1+] 1.65837 [2+] 1.65837 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/awacs.c:39: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/awacs.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/awacs.c:956: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 3 Lines analyzed = 1085 in 0.57 seconds (15580 lines/second) Physical Source Lines of Code (SLOC) = 873 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.43643 [1+] 3.43643 [2+] 3.43643 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 114 in 0.51 seconds (8005 lines/second) Physical Source Lines of Code (SLOC) = 65 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/snd_ps3.c:903: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/snd_ps3.c:904: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/snd_ps3.c:905: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/snd_ps3.c:918: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 1124 in 0.54 seconds (29641 lines/second) Physical Source Lines of Code (SLOC) = 777 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.14801 [1+] 5.14801 [2+] 5.14801 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/pmac.c:723: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/pmac.c:425: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 1412 in 0.58 seconds (17074 lines/second) Physical Source Lines of Code (SLOC) = 999 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 2.002 [1+] 2.002 [2+] 2.002 [3+] 1.001 [4+] 1.001 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/keywest.c:73: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 141 in 0.51 seconds (9762 lines/second) Physical Source Lines of Code (SLOC) = 88 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 11.3636 [1+] 11.3636 [2+] 11.3636 [3+] 11.3636 [4+] 11.3636 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 135 in 0.51 seconds (9494 lines/second) Physical Source Lines of Code (SLOC) = 72 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/daca.c:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/ppc/daca.c:270: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 2 Lines analyzed = 282 in 0.52 seconds (15337 lines/second) Physical Source Lines of Code (SLOC) = 207 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 9.66184 [1+] 9.66184 [2+] 9.66184 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:170: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:172: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:57: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:243: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:288: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:511: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:512: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/sound_core.c:290: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant character. Hits = 8 Lines analyzed = 553 in 0.53 seconds (19944 lines/second) Physical Source Lines of Code (SLOC) = 299 Hits@level = [0] 0 [1] 1 [2] 5 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 7 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 26.7559 [1+] 26.7559 [2+] 23.4114 [3+] 6.68896 [4+] 6.68896 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 81 in 0.51 seconds (6269 lines/second) Physical Source Lines of Code (SLOC) = 47 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/codecs/snd-aoa-codec-onyx.c:250: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/codecs/snd-aoa-codec-onyx.c:591: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 1118 in 0.54 seconds (27903 lines/second) Physical Source Lines of Code (SLOC) = 863 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 2.3175 [1+] 2.3175 [2+] 2.3175 [3+] 1.15875 [4+] 1.15875 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 134 in 0.52 seconds (6975 lines/second) Physical Source Lines of Code (SLOC) = 117 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/codecs/snd-aoa-codec-tas.c:487: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/codecs/snd-aoa-codec-tas.c:118: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 1014 in 0.54 seconds (26571 lines/second) Physical Source Lines of Code (SLOC) = 763 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 2.62123 [1+] 2.62123 [2+] 2.62123 [3+] 1.31062 [4+] 1.31062 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 55 in 0.51 seconds (4480 lines/second) Physical Source Lines of Code (SLOC) = 40 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 150 in 0.51 seconds (10625 lines/second) Physical Source Lines of Code (SLOC) = 108 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 75 in 0.51 seconds (5895 lines/second) Physical Source Lines of Code (SLOC) = 45 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 209 in 0.52 seconds (11564 lines/second) Physical Source Lines of Code (SLOC) = 182 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/soundbus.h:106: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/soundbus.h:147: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 204 in 0.53 seconds (7305 lines/second) Physical Source Lines of Code (SLOC) = 87 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 22.9885 [1+] 22.9885 [2+] 22.9885 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/core.c:179: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 1 Lines analyzed = 219 in 0.52 seconds (13636 lines/second) Physical Source Lines of Code (SLOC) = 161 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.21118 [1+] 6.21118 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/sysfs.c:12: [4] (format) sprintf: Potential format string problem. Make format string constant. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/sysfs.c:27: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/sysfs.c:24: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant character. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/sysfs.c:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 4 Lines analyzed = 42 in 0.51 seconds (3369 lines/second) Physical Source Lines of Code (SLOC) = 35 Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 2 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 114.286 [1+] 114.286 [2+] 57.1429 [3+] 57.1429 [4+] 57.1429 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 193 in 0.52 seconds (12701 lines/second) Physical Source Lines of Code (SLOC) = 152 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 187 in 0.52 seconds (10931 lines/second) Physical Source Lines of Code (SLOC) = 126 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus-core.c:226: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus-core.c:172: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus-core.c:193: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 3 Lines analyzed = 450 in 0.53 seconds (17283 lines/second) Physical Source Lines of Code (SLOC) = 331 Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 9.06344 [1+] 9.06344 [2+] 3.02115 [3+] 3.02115 [4+] 3.02115 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus-pcm.c:201: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus-pcm.c:202: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 2 Lines analyzed = 1062 in 0.54 seconds (26394 lines/second) Physical Source Lines of Code (SLOC) = 813 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.46002 [1+] 2.46002 [2+] 2.46002 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/soundbus/i2sbus/i2sbus.h:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 126 in 0.51 seconds (9348 lines/second) Physical Source Lines of Code (SLOC) = 92 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 10.8696 [1+] 10.8696 [2+] 10.8696 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/fabrics/snd-aoa-fabric-layout.c:720: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/fabrics/snd-aoa-fabric-layout.c:725: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 2 Lines analyzed = 1120 in 0.54 seconds (27106 lines/second) Physical Source Lines of Code (SLOC) = 949 Hits@level = [0] 0 [1] 1 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.10748 [1+] 2.10748 [2+] 1.05374 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/aoa.h:22: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/aoa/aoa.h:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 129 in 0.52 seconds (8564 lines/second) Physical Source Lines of Code (SLOC) = 51 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 39.2157 [1+] 39.2157 [2+] 39.2157 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 408 in 0.52 seconds (19098 lines/second) Physical Source Lines of Code (SLOC) = 315 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 16 in 0.51 seconds (1426 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 252 in 0.52 seconds (14903 lines/second) Physical Source Lines of Code (SLOC) = 211 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 99 in 0.52 seconds (4907 lines/second) Physical Source Lines of Code (SLOC) = 78 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 162 in 0.51 seconds (11179 lines/second) Physical Source Lines of Code (SLOC) = 124 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/tea575x-tuner.c:106: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/tea575x-tuner.c:192: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/tea575x-tuner.c:122: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/tea575x-tuner.c:151: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/tea575x-tuner.c:185: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 5 Lines analyzed = 237 in 0.52 seconds (12334 lines/second) Physical Source Lines of Code (SLOC) = 176 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 28.4091 [1+] 28.4091 [2+] 22.7273 [3+] 11.3636 [4+] 11.3636 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4114.c:84: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4114.c:84: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4114.c:52: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4114.c:83: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4114.c:99: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 5 Lines analyzed = 625 in 0.53 seconds (20013 lines/second) Physical Source Lines of Code (SLOC) = 525 Hits@level = [0] 0 [1] 3 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 9.52381 [1+] 9.52381 [2+] 3.80952 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/pt2258.c:36: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/pt2258.c:47: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/pt2258.c:110: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/pt2258.c:159: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/pt2258.c:186: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 5 Lines analyzed = 226 in 0.52 seconds (12435 lines/second) Physical Source Lines of Code (SLOC) = 168 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 29.7619 [1+] 29.7619 [2+] 29.7619 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4xxx-adda.c:443: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4xxx-adda.c:145: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4xxx-adda.c:435: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4xxx-adda.c:553: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers. Hits = 4 Lines analyzed = 872 in 0.58 seconds (10268 lines/second) Physical Source Lines of Code (SLOC) = 715 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 5.59441 [1+] 5.59441 [2+] 4.1958 [3+] 1.3986 [4+] 1.3986 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4117.c:76: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4117.c:48: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4117.c:75: [1] (buffer) read: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/other/ak4117.c:90: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 4 Lines analyzed = 550 in 0.53 seconds (20316 lines/second) Physical Source Lines of Code (SLOC) = 459 Hits@level = [0] 0 [1] 3 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.7146 [1+] 8.7146 [2+] 2.17865 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:561: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:43: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:44: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:45: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:46: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:51: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:74: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:131: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:138: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:216: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:250: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:262: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:272: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:273: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:284: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:423: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:441: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/cs8427.c:559: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 18 Lines analyzed = 621 in 0.54 seconds (14455 lines/second) Physical Source Lines of Code (SLOC) = 503 Hits@level = [0] 0 [1] 0 [2] 17 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 18 [1+] 18 [2+] 18 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 35.7853 [1+] 35.7853 [2+] 35.7853 [3+] 1.98807 [4+] 1.98807 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:52: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:112: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:163: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:214: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:261: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:299: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/tea6330t.c:347: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. Hits = 7 Lines analyzed = 385 in 0.52 seconds (17155 lines/second) Physical Source Lines of Code (SLOC) = 306 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 22.8758 [1+] 22.8758 [2+] 22.8758 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:610: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:143: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:149: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:172: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:498: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:798: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/i2c/l3/uda1341.c:142: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 7 Lines analyzed = 934 in 0.54 seconds (21526 lines/second) Physical Source Lines of Code (SLOC) = 716 Hits@level = [0] 0 [1] 1 [2] 5 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 6 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 9.77654 [1+] 9.77654 [2+] 8.37989 [3+] 1.39665 [4+] 1.39665 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 344 in 0.52 seconds (16473 lines/second) Physical Source Lines of Code (SLOC) = 273 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/bin2hex.c:29: [1] (buffer) getchar: Check buffer boundaries if used in a loop. Hits = 1 Lines analyzed = 39 in 0.51 seconds (2805 lines/second) Physical Source Lines of Code (SLOC) = 33 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 30.303 [1+] 30.303 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:155: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:157: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:168: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:198: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:248: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:249: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:265: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:290: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:299: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:315: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.h:347: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 11 Lines analyzed = 390 in 0.53 seconds (12098 lines/second) Physical Source Lines of Code (SLOC) = 296 Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 37.1622 [1+] 37.1622 [2+] 37.1622 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3_hw.h:197: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 246 in 0.52 seconds (12659 lines/second) Physical Source Lines of Code (SLOC) = 88 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 11.3636 [1+] 11.3636 [2+] 11.3636 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 230 in 0.52 seconds (13093 lines/second) Physical Source Lines of Code (SLOC) = 147 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.c:90: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dev_table.c:139: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 256 in 0.53 seconds (7415 lines/second) Physical Source Lines of Code (SLOC) = 193 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 10.3627 [1+] 10.3627 [2+] 10.3627 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pss.c:402: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pss.c:687: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pss.c:732: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 1266 in 0.56 seconds (21628 lines/second) Physical Source Lines of Code (SLOC) = 991 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.02725 [1+] 3.02725 [2+] 3.02725 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1916 in 0.56 seconds (29971 lines/second) Physical Source Lines of Code (SLOC) = 1564 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 17 in 0.52 seconds (739 lines/second) Physical Source Lines of Code (SLOC) = 9 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 185 in 0.52 seconds (11521 lines/second) Physical Source Lines of Code (SLOC) = 131 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:176: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:306: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:331: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:1158: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:1160: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/opl3.c:1179: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 6 Lines analyzed = 1250 in 0.54 seconds (28097 lines/second) Physical Source Lines of Code (SLOC) = 843 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.11744 [1+] 7.11744 [2+] 7.11744 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 336 in 0.52 seconds (15735 lines/second) Physical Source Lines of Code (SLOC) = 258 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:838: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:894: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:927: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:950: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:1889: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/au1550_ac97.c:1884: [1] (buffer) read: Check buffer boundaries if used in a loop. Hits = 6 Lines analyzed = 2129 in 0.58 seconds (27371 lines/second) Physical Source Lines of Code (SLOC) = 1642 Hits@level = [0] 0 [1] 1 [2] 5 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 5 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.65408 [1+] 3.65408 [2+] 3.04507 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 15 in 0.51 seconds (1274 lines/second) Physical Source Lines of Code (SLOC) = 10 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_ess.c:1202: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_ess.c:1022: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_ess.c:1044: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_ess.c:1110: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_ess.c:1204: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 5 Lines analyzed = 1832 in 0.60 seconds (18537 lines/second) Physical Source Lines of Code (SLOC) = 1141 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.38212 [1+] 4.38212 [2+] 4.38212 [3+] 0.876424 [4+] 0.876424 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 87 in 0.52 seconds (5448 lines/second) Physical Source Lines of Code (SLOC) = 58 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/audio.c:102: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 1 Lines analyzed = 983 in 0.54 seconds (23706 lines/second) Physical Source Lines of Code (SLOC) = 744 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.34409 [1+] 1.34409 [2+] 1.34409 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 92 in 0.51 seconds (7237 lines/second) Physical Source Lines of Code (SLOC) = 63 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:278: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:287: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:297: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:446: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:638: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:939: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sscape.c:993: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 7 Lines analyzed = 1480 in 0.55 seconds (28478 lines/second) Physical Source Lines of Code (SLOC) = 1110 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.30631 [1+] 6.30631 [2+] 6.30631 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vidc.c:55: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vidc.c:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vidc.c:441: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vidc.c:444: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 560 in 0.52 seconds (24088 lines/second) Physical Source Lines of Code (SLOC) = 406 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 9.85222 [1+] 9.85222 [2+] 9.85222 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ac97_codec.c:703: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ac97_codec.c:594: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ac97_codec.c:599: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 3 Lines analyzed = 1206 in 0.55 seconds (22411 lines/second) Physical Source Lines of Code (SLOC) = 813 Hits@level = [0] 0 [1] 2 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.69004 [1+] 3.69004 [2+] 1.23001 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pas2_card.c:338: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pas2_card.c:336: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 457 in 0.54 seconds (12868 lines/second) Physical Source Lines of Code (SLOC) = 322 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 6.21118 [1+] 6.21118 [2+] 6.21118 [3+] 3.10559 [4+] 3.10559 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 278 in 0.52 seconds (14875 lines/second) Physical Source Lines of Code (SLOC) = 204 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 11 in 0.51 seconds (958 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midibuf.c:36: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midibuf.c:175: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 2 Lines analyzed = 424 in 0.52 seconds (20167 lines/second) Physical Source Lines of Code (SLOC) = 286 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.99301 [1+] 6.99301 [2+] 6.99301 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (186 lines/second) Physical Source Lines of Code (SLOC) = 1 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 353 in 0.52 seconds (15386 lines/second) Physical Source Lines of Code (SLOC) = 266 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 69 in 0.52 seconds (4401 lines/second) Physical Source Lines of Code (SLOC) = 68 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vwsnd.c:1894: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/vwsnd.c:1917: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 3485 in 0.65 seconds (23788 lines/second) Physical Source Lines of Code (SLOC) = 2357 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.848536 [1+] 0.848536 [2+] 0.848536 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1558 in 0.62 seconds (12688 lines/second) Physical Source Lines of Code (SLOC) = 1210 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/trix.c:125: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 525 in 0.52 seconds (21561 lines/second) Physical Source Lines of Code (SLOC) = 386 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.59067 [1+] 2.59067 [2+] 2.59067 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 46 in 0.52 seconds (2735 lines/second) Physical Source Lines of Code (SLOC) = 36 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:827: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:385: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:436: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:511: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:634: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_common.c:642: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 6 Lines analyzed = 1291 in 0.55 seconds (24691 lines/second) Physical Source Lines of Code (SLOC) = 926 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 6.47948 [1+] 6.47948 [2+] 6.47948 [3+] 1.07991 [4+] 1.07991 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sound_config.h:95: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 153 in 0.52 seconds (6143 lines/second) Physical Source Lines of Code (SLOC) = 99 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 10.101 [1+] 10.101 [2+] 10.101 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midi_synth.c:29: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midi_synth.c:34: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midi_synth.c:117: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midi_synth.c:436: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 4 Lines analyzed = 714 in 0.53 seconds (25425 lines/second) Physical Source Lines of Code (SLOC) = 519 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.70713 [1+] 7.70713 [2+] 7.70713 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/soundcard.c:102: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/soundcard.c:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 745 in 0.53 seconds (23773 lines/second) Physical Source Lines of Code (SLOC) = 571 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.50263 [1+] 3.50263 [2+] 3.50263 [3+] 1.75131 [4+] 1.75131 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 248 in 0.52 seconds (11466 lines/second) Physical Source Lines of Code (SLOC) = 127 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 24 in 0.51 seconds (2082 lines/second) Physical Source Lines of Code (SLOC) = 15 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 331 in 0.52 seconds (19312 lines/second) Physical Source Lines of Code (SLOC) = 256 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 246 in 0.63 seconds (1832 lines/second) Physical Source Lines of Code (SLOC) = 190 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/hex2hex.c:13: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/hex2hex.c:19: [1] (buffer) getc: Check buffer boundaries if used in a loop. Hits = 2 Lines analyzed = 101 in 0.52 seconds (4829 lines/second) Physical Source Lines of Code (SLOC) = 79 Hits@level = [0] 0 [1] 1 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 25.3165 [1+] 25.3165 [2+] 12.6582 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848_mixer.h:72: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 253 in 0.53 seconds (9557 lines/second) Physical Source Lines of Code (SLOC) = 182 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.49451 [1+] 5.49451 [2+] 5.49451 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/swarm_cs4297a.c:362: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/swarm_cs4297a.c:1154: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/swarm_cs4297a.c:1173: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 2740 in 0.60 seconds (26330 lines/second) Physical Source Lines of Code (SLOC) = 2180 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.37615 [1+] 1.37615 [2+] 1.37615 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sound_timer.c:323: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 327 in 0.52 seconds (18091 lines/second) Physical Source Lines of Code (SLOC) = 250 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 4 [4+] 4 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/pas2_midi.c:29: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 262 in 0.52 seconds (14397 lines/second) Physical Source Lines of Code (SLOC) = 164 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.09756 [1+] 6.09756 [2+] 6.09756 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/uart401.c:371: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/uart401.c:359: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/uart401.c:370: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 3 Lines analyzed = 481 in 0.56 seconds (8489 lines/second) Physical Source Lines of Code (SLOC) = 345 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 8.69565 [1+] 8.69565 [2+] 8.69565 [3+] 2.89855 [4+] 2.89855 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/aedsp16.c:504: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/aedsp16.c:505: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/aedsp16.c:969: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 1380 in 0.55 seconds (25245 lines/second) Physical Source Lines of Code (SLOC) = 834 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.59712 [1+] 3.59712 [2+] 3.59712 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:161: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:179: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:652: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:655: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:746: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:746: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:748: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_mixer.c:748: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 8 Lines analyzed = 768 in 0.53 seconds (23626 lines/second) Physical Source Lines of Code (SLOC) = 597 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 13.4003 [1+] 13.4003 [2+] 13.4003 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/midi_ctrl.h:1: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 22 in 0.51 seconds (1711 lines/second) Physical Source Lines of Code (SLOC) = 19 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 52.6316 [1+] 52.6316 [2+] 52.6316 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_midi.c:183: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_midi.c:183: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_midi.c:200: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_midi.c:200: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 205 in 0.52 seconds (12241 lines/second) Physical Source Lines of Code (SLOC) = 146 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 27.3973 [1+] 27.3973 [2+] 27.3973 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 3 in 0.51 seconds (270 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmabuf.c:289: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 1 Lines analyzed = 1267 in 0.56 seconds (20021 lines/second) Physical Source Lines of Code (SLOC) = 1003 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.997009 [1+] 0.997009 [2+] 0.997009 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1084: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1094: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:65: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:165: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:497: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:836: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1037: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1037: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1043: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1043: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1050: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1056: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1070: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/mpu401.c:1086: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 14 Lines analyzed = 1815 in 0.56 seconds (28867 lines/second) Physical Source Lines of Code (SLOC) = 1418 Hits@level = [0] 0 [1] 0 [2] 12 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 14 [1+] 14 [2+] 14 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 9.87306 [1+] 9.87306 [2+] 9.87306 [3+] 1.41044 [4+] 1.41044 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1236: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1239: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1260: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1261: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1268: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1275: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1276: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1281: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1181: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1259: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1265: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1274: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_core.c:1278: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 13 Lines analyzed = 1549 in 0.57 seconds (22046 lines/second) Physical Source Lines of Code (SLOC) = 969 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 13.4159 [1+] 13.4159 [2+] 13.4159 [3+] 8.25593 [4+] 8.25593 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 262 in 0.53 seconds (9525 lines/second) Physical Source Lines of Code (SLOC) = 171 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 634 in 0.53 seconds (24804 lines/second) Physical Source Lines of Code (SLOC) = 503 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1473: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1475: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1477: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1479: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1491: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_atari.c:1493: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 6 Lines analyzed = 1618 in 0.56 seconds (26991 lines/second) Physical Source Lines of Code (SLOC) = 1284 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 4.6729 [1+] 4.6729 [2+] 4.6729 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_paula.c:655: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/dmasound/dmasound_paula.c:657: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 2 Lines analyzed = 740 in 0.53 seconds (22365 lines/second) Physical Source Lines of Code (SLOC) = 519 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.85356 [1+] 3.85356 [2+] 3.85356 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 437 in 0.52 seconds (20493 lines/second) Physical Source Lines of Code (SLOC) = 311 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:590: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:1974: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:1977: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:125: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:585: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:1955: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:2596: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/ad1848.c:2603: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 9 Lines analyzed = 3068 in 0.61 seconds (28049 lines/second) Physical Source Lines of Code (SLOC) = 2250 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1.33333 [4+] 1.33333 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/msnd.c:170: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/msnd.c:232: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 414 in 0.55 seconds (8439 lines/second) Physical Source Lines of Code (SLOC) = 302 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.62252 [1+] 6.62252 [2+] 6.62252 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (165 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 149 in 0.52 seconds (7258 lines/second) Physical Source Lines of Code (SLOC) = 79 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 185 in 0.52 seconds (11001 lines/second) Physical Source Lines of Code (SLOC) = 132 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 12 in 0.51 seconds (1059 lines/second) Physical Source Lines of Code (SLOC) = 4 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/waveartist.c:1259: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/waveartist.c:1263: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/waveartist.c:1253: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/waveartist.c:1262: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/waveartist.c:1265: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant character. Hits = 5 Lines analyzed = 2032 in 0.62 seconds (16734 lines/second) Physical Source Lines of Code (SLOC) = 1417 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 3.52858 [1+] 3.52858 [2+] 2.82287 [3+] 1.41143 [4+] 1.41143 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:153: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:164: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:196: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:213: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:298: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:355: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:1044: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:1075: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:1085: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:1383: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sequencer.c:1477: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 11 Lines analyzed = 1674 in 0.59 seconds (19439 lines/second) Physical Source Lines of Code (SLOC) = 1231 Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.93582 [1+] 8.93582 [2+] 8.93582 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:214: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:214: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:228: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:228: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:235: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:235: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:249: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/v_midi.c:249: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 8 Lines analyzed = 289 in 0.55 seconds (6170 lines/second) Physical Source Lines of Code (SLOC) = 195 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 41.0256 [1+] 41.0256 [2+] 41.0256 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 34 in 0.51 seconds (2930 lines/second) Physical Source Lines of Code (SLOC) = 26 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 63 in 0.53 seconds (2404 lines/second) Physical Source Lines of Code (SLOC) = 22 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 105 in 0.51 seconds (7967 lines/second) Physical Source Lines of Code (SLOC) = 41 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/oss/sb_audio.c:834: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 1098 in 0.56 seconds (17882 lines/second) Physical Source Lines of Code (SLOC) = 856 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.16822 [1+] 1.16822 [2+] 1.16822 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 47 in 0.51 seconds (3419 lines/second) Physical Source Lines of Code (SLOC) = 45 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 361 in 0.53 seconds (12062 lines/second) Physical Source Lines of Code (SLOC) = 236 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 288 in 0.52 seconds (17743 lines/second) Physical Source Lines of Code (SLOC) = 217 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 23 in 0.60 seconds (220 lines/second) Physical Source Lines of Code (SLOC) = 22 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 93 in 0.52 seconds (4490 lines/second) Physical Source Lines of Code (SLOC) = 48 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 613 in 0.53 seconds (21960 lines/second) Physical Source Lines of Code (SLOC) = 372 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/vx/vxpocket.c:195: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/vx/vxpocket.c:196: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/vx/vxpocket.c:231: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/vx/vxpocket.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 384 in 0.52 seconds (15447 lines/second) Physical Source Lines of Code (SLOC) = 231 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 17.316 [1+] 17.316 [2+] 17.316 [3+] 12.987 [4+] 12.987 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 151 in 0.52 seconds (9467 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c:341: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 349 in 0.52 seconds (17894 lines/second) Physical Source Lines of Code (SLOC) = 236 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.23729 [1+] 4.23729 [2+] 4.23729 [3+] 4.23729 [4+] 4.23729 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 145 in 0.52 seconds (7642 lines/second) Physical Source Lines of Code (SLOC) = 99 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf.c:182: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf.c:183: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf.c:41: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf.c:181: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 314 in 0.52 seconds (16140 lines/second) Physical Source Lines of Code (SLOC) = 198 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 20.202 [1+] 20.202 [2+] 20.202 [3+] 10.101 [4+] 10.101 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 325 in 0.52 seconds (14046 lines/second) Physical Source Lines of Code (SLOC) = 270 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pcmcia/pdaudiocf/pdaudiocf_core.c:192: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 290 in 0.53 seconds (9711 lines/second) Physical Source Lines of Code (SLOC) = 223 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 4.4843 [1+] 4.4843 [2+] 4.4843 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:398: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:274: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:276: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:369: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:370: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:381: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:382: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:385: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:386: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:389: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_main.c:390: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 11 Lines analyzed = 480 in 0.53 seconds (18254 lines/second) Physical Source Lines of Code (SLOC) = 397 Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 27.7078 [1+] 27.7078 [2+] 27.7078 [3+] 2.51889 [4+] 2.51889 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 243 in 0.52 seconds (13233 lines/second) Physical Source Lines of Code (SLOC) = 204 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusclassic.c:44: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusclassic.c:196: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusclassic.c:201: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusclassic.c:196: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusclassic.c:201: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 5 Lines analyzed = 248 in 0.54 seconds (7034 lines/second) Physical Source Lines of Code (SLOC) = 191 Hits@level = [0] 0 [1] 2 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 26.178 [1+] 26.178 [2+] 15.7068 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 540 in 0.53 seconds (17676 lines/second) Physical Source Lines of Code (SLOC) = 433 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 413 in 0.52 seconds (17856 lines/second) Physical Source Lines of Code (SLOC) = 335 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:224: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:225: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:231: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:232: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusextreme.c:329: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 6 Lines analyzed = 377 in 0.53 seconds (11670 lines/second) Physical Source Lines of Code (SLOC) = 286 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 20.979 [1+] 20.979 [2+] 20.979 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_dram.c:33: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_dram.c:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 102 in 0.51 seconds (7352 lines/second) Physical Source Lines of Code (SLOC) = 73 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 27.3973 [1+] 27.3973 [2+] 27.3973 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:42: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:156: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:157: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:160: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:161: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:165: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:166: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:169: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:170: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:333: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:335: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:333: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gusmax.c:335: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 13 Lines analyzed = 383 in 0.52 seconds (15705 lines/second) Physical Source Lines of Code (SLOC) = 313 Hits@level = [0] 0 [1] 2 [2] 11 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 13 [1+] 13 [2+] 11 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 41.5335 [1+] 41.5335 [2+] 35.1438 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_pcm.c:873: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_pcm.c:875: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_pcm.c:877: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_pcm.c:875: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 4 Lines analyzed = 892 in 0.55 seconds (17917 lines/second) Physical Source Lines of Code (SLOC) = 775 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 5.16129 [1+] 5.16129 [2+] 3.87097 [3+] 1.29032 [4+] 1.29032 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (188 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:723: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:728: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:747: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:748: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:749: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:58: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:218: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:241: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:288: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:364: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:367: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:368: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:372: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:373: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:374: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:375: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:392: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:519: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:522: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:535: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:536: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:539: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:540: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:544: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:545: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:548: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:549: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:700: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:701: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:722: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:727: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:755: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:700: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/interwave.c:755: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 34 Lines analyzed = 933 in 0.55 seconds (20053 lines/second) Physical Source Lines of Code (SLOC) = 800 Hits@level = [0] 0 [1] 2 [2] 27 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 34 [1+] 34 [2+] 32 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 42.5 [1+] 42.5 [2+] 40 [3+] 6.25 [4+] 6.25 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 172 in 0.52 seconds (10852 lines/second) Physical Source Lines of Code (SLOC) = 121 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 90 in 0.52 seconds (5598 lines/second) Physical Source Lines of Code (SLOC) = 62 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mixer.c:171: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mixer.c:174: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mixer.c:175: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. Hits = 3 Lines analyzed = 191 in 0.52 seconds (10061 lines/second) Physical Source Lines of Code (SLOC) = 148 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 20.2703 [1+] 20.2703 [2+] 20.2703 [3+] 6.75676 [4+] 6.75676 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_timer.c:174: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_timer.c:184: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 2 Lines analyzed = 203 in 0.52 seconds (8550 lines/second) Physical Source Lines of Code (SLOC) = 140 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 14.2857 [1+] 14.2857 [2+] 14.2857 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_uart.c:247: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 256 in 0.53 seconds (8581 lines/second) Physical Source Lines of Code (SLOC) = 208 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.80769 [1+] 4.80769 [2+] 4.80769 [3+] 4.80769 [4+] 4.80769 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 147 in 0.52 seconds (8689 lines/second) Physical Source Lines of Code (SLOC) = 116 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mem.c:213: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 1 Lines analyzed = 350 in 0.52 seconds (15871 lines/second) Physical Source Lines of Code (SLOC) = 305 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.27869 [1+] 3.27869 [2+] 3.27869 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_volume.c:79: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 217 in 0.52 seconds (12149 lines/second) Physical Source Lines of Code (SLOC) = 169 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.91716 [1+] 5.91716 [2+] 5.91716 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mem_proc.c:94: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mem_proc.c:104: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/gus/gus_mem_proc.c:122: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 134 in 0.54 seconds (3038 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 28.8462 [1+] 28.8462 [2+] 28.8462 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:508: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:70: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:127: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:160: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:268: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:353: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:362: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:377: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:383: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:390: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:506: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cmi8330.c:507: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 12 Lines analyzed = 683 in 0.57 seconds (9360 lines/second) Physical Source Lines of Code (SLOC) = 521 Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 23.0326 [1+] 23.0326 [2+] 23.0326 [3+] 1.91939 [4+] 1.91939 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:600: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:340: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:341: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:411: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:412: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:416: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:417: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:422: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:423: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:427: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:428: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:601: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sc6000.c:602: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 14 Lines analyzed = 655 in 0.53 seconds (19649 lines/second) Physical Source Lines of Code (SLOC) = 507 Hits@level = [0] 0 [1] 0 [2] 13 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 14 [1+] 14 [2+] 14 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 27.6134 [1+] 27.6134 [2+] 27.6134 [3+] 1.97239 [4+] 1.97239 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sscape.c:1133: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sscape.c:1132: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sscape.c:1134: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 3 Lines analyzed = 1557 in 0.56 seconds (25227 lines/second) Physical Source Lines of Code (SLOC) = 936 Hits@level = [0] 0 [1] 1 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.20513 [1+] 3.20513 [2+] 2.13675 [3+] 1.06838 [4+] 1.06838 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236_lib.c:908: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236_lib.c:99: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 972 in 0.55 seconds (20152 lines/second) Physical Source Lines of Code (SLOC) = 751 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 2.66312 [1+] 2.66312 [2+] 2.66312 [3+] 1.33156 [4+] 1.33156 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1586: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1618: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1658: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1890: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:53: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:86: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:122: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1445: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1448: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1634: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1637: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231_lib.c:1640: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 12 Lines analyzed = 1945 in 0.57 seconds (25995 lines/second) Physical Source Lines of Code (SLOC) = 1653 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 7.25953 [1+] 7.25953 [2+] 7.25953 [3+] 2.41984 [4+] 2.41984 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:114: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:116: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:43: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:113: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:119: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4231.c:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 6 Lines analyzed = 205 in 0.52 seconds (11654 lines/second) Physical Source Lines of Code (SLOC) = 154 Hits@level = [0] 0 [1] 1 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 38.961 [1+] 38.961 [2+] 32.4675 [3+] 12.987 [4+] 12.987 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (188 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:448: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:449: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:450: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:84: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:456: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/cs423x/cs4236.c:456: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 6 Lines analyzed = 751 in 0.54 seconds (18492 lines/second) Physical Source Lines of Code (SLOC) = 607 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 5 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 9.88468 [1+] 9.88468 [2+] 8.23723 [3+] 4.94234 [4+] 4.94234 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:46: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:194: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:195: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:198: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:199: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:203: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:204: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:207: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:208: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:285: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:286: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sgalaxy.c:287: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 12 Lines analyzed = 362 in 0.52 seconds (15863 lines/second) Physical Source Lines of Code (SLOC) = 276 Hits@level = [0] 0 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 43.4783 [1+] 43.4783 [2+] 43.4783 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a_lib.c:676: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a_lib.c:703: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a_lib.c:729: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a_lib.c:968: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a_lib.c:719: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 5 Lines analyzed = 975 in 0.54 seconds (24941 lines/second) Physical Source Lines of Code (SLOC) = 810 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 6.17284 [1+] 6.17284 [2+] 6.17284 [3+] 4.93827 [4+] 4.93827 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a.c:182: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a.c:46: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a.c:180: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1816a/ad1816a.c:181: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 287 in 0.52 seconds (13809 lines/second) Physical Source Lines of Code (SLOC) = 216 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 18.5185 [1+] 18.5185 [2+] 18.5185 [3+] 4.62963 [4+] 4.62963 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:997: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1004: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1011: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1868: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:2154: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:2159: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:977: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:980: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:983: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1021: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1038: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1697: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1702: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1720: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:1986: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:2150: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es18xx.c:2152: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 17 Lines analyzed = 2452 in 0.68 seconds (13696 lines/second) Physical Source Lines of Code (SLOC) = 1981 Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 17 [1+] 17 [2+] 17 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 8.58152 [1+] 8.58152 [2+] 8.58152 [3+] 3.02877 [4+] 3.02877 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/adlib.c:70: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/adlib.c:71: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/adlib.c:72: [4] (format) sprintf: Potential format string problem. Make format string constant. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/adlib.c:20: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 129 in 0.52 seconds (8016 lines/second) Physical Source Lines of Code (SLOC) = 102 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 39.2157 [1+] 39.2157 [2+] 39.2157 [3+] 29.4118 [4+] 29.4118 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/dt019x.c:178: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/dt019x.c:43: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/dt019x.c:176: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/dt019x.c:177: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 320 in 0.52 seconds (15291 lines/second) Physical Source Lines of Code (SLOC) = 252 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 15.873 [1+] 15.873 [2+] 15.873 [3+] 3.96825 [4+] 3.96825 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:260: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:716: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:137: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:230: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:527: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:528: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:533: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:534: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:540: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:541: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:546: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:547: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:648: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:649: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:719: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opl3sa2.c:719: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 17 Lines analyzed = 972 in 0.69 seconds (5195 lines/second) Physical Source Lines of Code (SLOC) = 823 Hits@level = [0] 0 [1] 1 [2] 14 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 17 [1+] 17 [2+] 16 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 20.6561 [1+] 20.6561 [2+] 19.4411 [3+] 2.43013 [4+] 2.43013 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848.c:114: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848.c:116: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848.c:45: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848.c:113: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848.c:119: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. Hits = 5 Lines analyzed = 187 in 0.83 seconds (562 lines/second) Physical Source Lines of Code (SLOC) = 137 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 36.4964 [1+] 36.4964 [2+] 36.4964 [3+] 14.5985 [4+] 14.5985 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:963: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:1000: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:1195: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:1242: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:77: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:880: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/ad1848/ad1848_lib.c:991: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 8 Lines analyzed = 1267 in 0.64 seconds (8989 lines/second) Physical Source Lines of Code (SLOC) = 1033 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 7.74443 [1+] 7.74443 [2+] 7.74443 [3+] 3.87222 [4+] 3.87222 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/als100.c:190: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/als100.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/als100.c:188: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/als100.c:189: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 327 in 0.52 seconds (15683 lines/second) Physical Source Lines of Code (SLOC) = 259 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 15.444 [1+] 15.444 [2+] 15.444 [3+] 3.861 [4+] 3.861 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/azt2320.c:214: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/azt2320.c:57: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/azt2320.c:212: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/azt2320.c:213: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 351 in 0.52 seconds (16225 lines/second) Physical Source Lines of Code (SLOC) = 269 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 14.8699 [1+] 14.8699 [2+] 14.8699 [3+] 3.71747 [4+] 3.71747 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 135 in 0.51 seconds (9357 lines/second) Physical Source Lines of Code (SLOC) = 80 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:54: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:73: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:77: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:79: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:100: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:104: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:106: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:124: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:126: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:142: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:144: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:161: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:164: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:167: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:170: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:188: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:233: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:239: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:242: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:243: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_midi.c:275: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 21 Lines analyzed = 286 in 0.52 seconds (14918 lines/second) Physical Source Lines of Code (SLOC) = 230 Hits@level = [0] 0 [1] 0 [2] 21 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 21 [1+] 21 [2+] 21 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 91.3043 [1+] 91.3043 [2+] 91.3043 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (187 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 304 in 0.52 seconds (12831 lines/second) Physical Source Lines of Code (SLOC) = 190 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 45 in 0.51 seconds (3618 lines/second) Physical Source Lines of Code (SLOC) = 17 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:376: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:381: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:382: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:389: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:387: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:387: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16.c:389: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 8 Lines analyzed = 695 in 0.54 seconds (19717 lines/second) Physical Source Lines of Code (SLOC) = 554 Hits@level = [0] 0 [1] 2 [2] 2 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 6 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 14.4404 [1+] 14.4404 [2+] 10.8303 [3+] 7.22022 [4+] 7.22022 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_common.c:176: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Hits = 1 Lines analyzed = 319 in 0.52 seconds (16232 lines/second) Physical Source Lines of Code (SLOC) = 261 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.83142 [1+] 3.83142 [2+] 3.83142 [3+] 3.83142 [4+] 3.83142 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_main.c:712: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_main.c:703: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_main.c:877: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 3 Lines analyzed = 923 in 0.57 seconds (14113 lines/second) Physical Source Lines of Code (SLOC) = 746 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.02145 [1+] 4.02145 [2+] 4.02145 [3+] 1.34048 [4+] 1.34048 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 546 in 0.53 seconds (17875 lines/second) Physical Source Lines of Code (SLOC) = 356 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:194: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:286: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:786: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:185: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:277: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb_mixer.c:850: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 6 Lines analyzed = 992 in 0.57 seconds (13797 lines/second) Physical Source Lines of Code (SLOC) = 842 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 7.12589 [1+] 7.12589 [2+] 7.12589 [3+] 3.56295 [4+] 3.56295 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_main.c:431: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_main.c:435: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_main.c:478: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8_main.c:519: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 4 Lines analyzed = 555 in 0.56 seconds (8921 lines/second) Physical Source Lines of Code (SLOC) = 452 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.84956 [1+] 8.84956 [2+] 8.84956 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 701 in 0.53 seconds (21070 lines/second) Physical Source Lines of Code (SLOC) = 486 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/es968.c:149: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/es968.c:39: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/es968.c:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/es968.c:147: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/es968.c:148: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 5 Lines analyzed = 247 in 0.52 seconds (13407 lines/second) Physical Source Lines of Code (SLOC) = 189 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 26.455 [1+] 26.455 [2+] 26.455 [3+] 5.29101 [4+] 5.29101 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/emu8000.c:639: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/emu8000.c:708: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/emu8000.c:1131: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 3 Lines analyzed = 1158 in 0.58 seconds (14705 lines/second) Physical Source Lines of Code (SLOC) = 844 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.5545 [1+] 3.5545 [2+] 3.5545 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:147: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:500: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:517: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:531: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:544: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:594: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:1122: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb16_csp.c:1124: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 8 Lines analyzed = 1197 in 0.57 seconds (16933 lines/second) Physical Source Lines of Code (SLOC) = 881 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 9.08059 [1+] 9.08059 [2+] 9.08059 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8.c:187: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8.c:188: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8.c:189: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8.c:39: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/sb/sb8.c:67: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 5 Lines analyzed = 267 in 0.52 seconds (12089 lines/second) Physical Source Lines of Code (SLOC) = 211 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 23.6967 [1+] 23.6967 [2+] 23.6967 [3+] 14.218 [4+] 14.218 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688.c:144: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688.c:145: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688.c:143: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 211 in 0.52 seconds (10791 lines/second) Physical Source Lines of Code (SLOC) = 162 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 24.6914 [1+] 24.6914 [2+] 24.6914 [3+] 12.3457 [4+] 12.3457 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:629: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:739: [4] (format) sprintf: Potential format string problem. Make format string constant. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:767: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:1016: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:628: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/es1688/es1688_lib.c:757: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 6 Lines analyzed = 1052 in 0.54 seconds (24092 lines/second) Physical Source Lines of Code (SLOC) = 881 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 6.81044 [1+] 6.81044 [2+] 6.81044 [3+] 4.5403 [4+] 4.5403 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 73 in 0.51 seconds (5739 lines/second) Physical Source Lines of Code (SLOC) = 56 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 3 in 0.51 seconds (275 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2 in 0.51 seconds (180 lines/second) Physical Source Lines of Code (SLOC) = 2 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:749: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1374: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:103: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:684: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:687: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1351: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1355: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1359: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1363: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1370: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/miro.c:1373: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 11 Lines analyzed = 1440 in 0.56 seconds (24520 lines/second) Physical Source Lines of Code (SLOC) = 1144 Hits@level = [0] 0 [1] 0 [2] 9 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 9.61538 [1+] 9.61538 [2+] 9.61538 [3+] 1.74825 [4+] 1.74825 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:219: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:783: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:784: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:786: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:790: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/opti9xx/opti92x-ad1848.c:135: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 6 Lines analyzed = 1049 in 0.55 seconds (22401 lines/second) Physical Source Lines of Code (SLOC) = 882 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 6.80272 [1+] 6.80272 [2+] 6.80272 [3+] 5.66893 [4+] 5.66893 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:246: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:249: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:268: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:271: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:290: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:292: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:311: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:313: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_midi.c:481: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 9 Lines analyzed = 569 in 0.53 seconds (20950 lines/second) Physical Source Lines of Code (SLOC) = 381 Hits@level = [0] 0 [1] 0 [2] 9 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 23.622 [1+] 23.622 [2+] 23.622 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:600: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:618: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:685: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:686: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:733: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:780: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:804: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:842: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:877: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1160: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1247: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1248: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1268: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1300: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1311: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1488: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1497: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:1547: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:2015: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront_synth.c:2146: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 20 Lines analyzed = 2197 in 0.68 seconds (12012 lines/second) Physical Source Lines of Code (SLOC) = 1399 Hits@level = [0] 0 [1] 0 [2] 20 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 20 [1+] 20 [2+] 20 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 14.2959 [1+] 14.2959 [2+] 14.2959 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 303 in 0.52 seconds (15588 lines/second) Physical Source Lines of Code (SLOC) = 218 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 2739 in 0.78 seconds (9848 lines/second) Physical Source Lines of Code (SLOC) = 2653 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:518: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:251: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:276: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:311: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:314: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:354: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:433: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:504: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:505: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:508: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:509: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:525: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:528: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:534: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:525: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:528: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.lBOfbq/src/sound/isa/wavefront/wavefront.c:534: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 18 Lines analyzed = 685 in 0.53 seconds (20754 lines/second) Physical Source Lines of Code (SLOC) = 501 Hits@level = [0] 0 [1] 3 [2] 14 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 18 [1+] 18 [2+] 15 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 35.9281 [1+] 35.9281 [2+] 29.9401 [3+] 1.99601 [4+] 1.99601 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 41 in 0.52 seconds (1945 lines/second) Physical Source Lines of Code (SLOC) = 17 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 76 in 0.52 seconds (3252 lines/second) Physical Source Lines of Code (SLOC) = 44 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/atiixp_modem.c:1310: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/atiixp_modem.c:1004: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/atiixp_modem.c:1291: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/atiixp_modem.c:1292: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 4 Lines analyzed = 1353 in 0.55 seconds (25817 lines/second) Physical Source Lines of Code (SLOC) = 976 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.09836 [1+] 4.09836 [2+] 4.09836 [3+] 1.02459 [4+] 1.02459 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 127 in 0.52 seconds (6689 lines/second) Physical Source Lines of Code (SLOC) = 93 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 170 in 0.52 seconds (8089 lines/second) Physical Source Lines of Code (SLOC) = 98 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 156 in 0.52 seconds (6777 lines/second) Physical Source Lines of Code (SLOC) = 91 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 693 in 0.54 seconds (16794 lines/second) Physical Source Lines of Code (SLOC) = 282 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 346 in 0.53 seconds (12953 lines/second) Physical Source Lines of Code (SLOC) = 239 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 141 in 0.52 seconds (9141 lines/second) Physical Source Lines of Code (SLOC) = 73 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 290 in 0.52 seconds (15564 lines/second) Physical Source Lines of Code (SLOC) = 185 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 120 in 0.51 seconds (8779 lines/second) Physical Source Lines of Code (SLOC) = 86 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 215 in 0.52 seconds (9644 lines/second) Physical Source Lines of Code (SLOC) = 131 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 170 in 0.52 seconds (10764 lines/second) Physical Source Lines of Code (SLOC) = 98 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 107 in 0.51 seconds (7954 lines/second) Physical Source Lines of Code (SLOC) = 76 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 125 in 0.52 seconds (7723 lines/second) Physical Source Lines of Code (SLOC) = 68 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 129 in 0.52 seconds (7960 lines/second) Physical Source Lines of Code (SLOC) = 95 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 198 in 0.52 seconds (10923 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 428 in 0.52 seconds (19554 lines/second) Physical Source Lines of Code (SLOC) = 300 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 101 in 0.51 seconds (7536 lines/second) Physical Source Lines of Code (SLOC) = 67 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 122 in 0.51 seconds (9143 lines/second) Physical Source Lines of Code (SLOC) = 92 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 115 in 0.51 seconds (8316 lines/second) Physical Source Lines of Code (SLOC) = 82 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 108 in 0.51 seconds (8068 lines/second) Physical Source Lines of Code (SLOC) = 77 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 105 in 0.51 seconds (7808 lines/second) Physical Source Lines of Code (SLOC) = 71 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:887: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:901: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:922: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:937: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1384: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1472: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1534: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:2015: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:2016: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:2022: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:26: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:43: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:246: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1372: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1465: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:1522: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.c:45: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 17 Lines analyzed = 2185 in 0.59 seconds (23985 lines/second) Physical Source Lines of Code (SLOC) = 1676 Hits@level = [0] 0 [1] 1 [2] 6 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 17 [1+] 17 [2+] 16 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 10.1432 [1+] 10.1432 [2+] 9.54654 [3+] 5.96659 [4+] 5.96659 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/layla24_dsp.c:316: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/layla24_dsp.c:322: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. Hits = 2 Lines analyzed = 394 in 0.52 seconds (18102 lines/second) Physical Source Lines of Code (SLOC) = 264 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.57576 [1+] 7.57576 [2+] 7.57576 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 1125 in 0.55 seconds (23798 lines/second) Physical Source Lines of Code (SLOC) = 719 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/echoaudio.h:423: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 590 in 0.53 seconds (19335 lines/second) Physical Source Lines of Code (SLOC) = 276 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.62319 [1+] 3.62319 [2+] 3.62319 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/midi.c:317: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/midi.c:72: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/echoaudio/midi.c:208: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 329 in 0.53 seconds (10316 lines/second) Physical Source Lines of Code (SLOC) = 196 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 15.3061 [1+] 15.3061 [2+] 15.3061 [3+] 5.10204 [4+] 5.10204 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 138 in 0.52 seconds (9131 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 229 in 0.52 seconds (13148 lines/second) Physical Source Lines of Code (SLOC) = 138 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 131 in 0.52 seconds (8265 lines/second) Physical Source Lines of Code (SLOC) = 84 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 108 in 0.51 seconds (8017 lines/second) Physical Source Lines of Code (SLOC) = 74 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 431 in 0.52 seconds (19653 lines/second) Physical Source Lines of Code (SLOC) = 284 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 107 in 0.51 seconds (7942 lines/second) Physical Source Lines of Code (SLOC) = 76 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1323: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1719: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1720: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1672: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1675: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256.c:1678: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 6 Lines analyzed = 1763 in 0.56 seconds (27897 lines/second) Physical Source Lines of Code (SLOC) = 1267 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 4.7356 [1+] 4.7356 [2+] 4.7356 [3+] 2.3678 [4+] 2.3678 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/nm256/nm256_coef.c:3: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 4607 in 1.36 seconds (5368 lines/second) Physical Source Lines of Code (SLOC) = 4602 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.217297 [1+] 0.217297 [2+] 0.217297 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/timer.c:90: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 1 Lines analyzed = 96 in 0.51 seconds (6680 lines/second) Physical Source Lines of Code (SLOC) = 61 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 16.3934 [1+] 16.3934 [2+] 16.3934 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1.c:180: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1.c:181: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1.c:46: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1.c:172: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1.c:182: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 5 Lines analyzed = 284 in 0.53 seconds (9708 lines/second) Physical Source Lines of Code (SLOC) = 211 Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 4 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 23.6967 [1+] 23.6967 [2+] 18.9573 [3+] 9.47867 [4+] 9.47867 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumpu401.c:334: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 390 in 0.53 seconds (13181 lines/second) Physical Source Lines of Code (SLOC) = 313 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.19489 [1+] 3.19489 [2+] 3.19489 [3+] 3.19489 [4+] 3.19489 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/p16v.c:721: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/p16v.c:766: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/p16v.c:623: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/p16v.c:711: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/p16v.c:759: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 5 Lines analyzed = 888 in 0.54 seconds (24238 lines/second) Physical Source Lines of Code (SLOC) = 640 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 7.8125 [1+] 7.8125 [2+] 7.8125 [3+] 3.125 [4+] 3.125 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1014: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1016: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:288: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:289: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:321: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:322: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1372: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1406: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1447: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emupcm.c:1781: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 10 Lines analyzed = 1820 in 0.56 seconds (28259 lines/second) Physical Source Lines of Code (SLOC) = 1516 Hits@level = [0] 0 [1] 0 [2] 8 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 10 [1+] 10 [2+] 10 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 6.59631 [1+] 6.59631 [2+] 6.59631 [3+] 1.31926 [4+] 1.31926 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 224 in 0.53 seconds (8075 lines/second) Physical Source Lines of Code (SLOC) = 151 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 570 in 0.54 seconds (13869 lines/second) Physical Source Lines of Code (SLOC) = 399 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1_main.c:1795: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 1 Lines analyzed = 2055 in 0.58 seconds (24466 lines/second) Physical Source Lines of Code (SLOC) = 1485 Hits@level = [0] 0 [1] 1 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.673401 [1+] 0.673401 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:44: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:46: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:47: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:85: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:120: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:449: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emuproc.c:525: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 7 Lines analyzed = 674 in 0.53 seconds (19493 lines/second) Physical Source Lines of Code (SLOC) = 594 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 11.7845 [1+] 11.7845 [2+] 11.7845 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:1497: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:1582: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:52: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:864: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:867: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:870: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:1037: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:1580: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emu10k1x.c:1581: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 9 Lines analyzed = 1631 in 0.66 seconds (10400 lines/second) Physical Source Lines of Code (SLOC) = 1257 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 7.1599 [1+] 7.1599 [2+] 7.1599 [3+] 1.59109 [4+] 1.59109 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 123 in 0.51 seconds (8747 lines/second) Physical Source Lines of Code (SLOC) = 75 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 158 in 0.52 seconds (6686 lines/second) Physical Source Lines of Code (SLOC) = 96 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 546 in 0.54 seconds (12716 lines/second) Physical Source Lines of Code (SLOC) = 372 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1070: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1084: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1099: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1112: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:2433: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:2435: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:57: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:76: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:95: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:114: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:149: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:671: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1183: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1425: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1434: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:1814: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:2135: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:2144: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emufx.c:2623: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 19 Lines analyzed = 2743 in 0.64 seconds (20194 lines/second) Physical Source Lines of Code (SLOC) = 2267 Hits@level = [0] 0 [1] 0 [2] 13 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 19 [1+] 19 [2+] 19 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 8.38112 [1+] 8.38112 [2+] 8.38112 [3+] 2.64667 [4+] 2.64667 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:410: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:711: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:846: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1007: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1656: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1665: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1674: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:702: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:833: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:837: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1858: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1860: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/emumixer.c:1862: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 13 Lines analyzed = 2091 in 0.62 seconds (18101 lines/second) Physical Source Lines of Code (SLOC) = 1778 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 7 [5] 0 Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 7 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 7.31159 [1+] 7.31159 [2+] 7.31159 [3+] 3.93701 [4+] 3.93701 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 158 in 0.52 seconds (7961 lines/second) Physical Source Lines of Code (SLOC) = 95 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 32 in 0.54 seconds (862 lines/second) Physical Source Lines of Code (SLOC) = 1 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/emu10k1/io.c:545: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 580 in 0.55 seconds (11457 lines/second) Physical Source Lines of Code (SLOC) = 456 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.19298 [1+] 2.19298 [2+] 2.19298 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 208 in 0.52 seconds (9585 lines/second) Physical Source Lines of Code (SLOC) = 171 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 42 in 0.62 seconds (363 lines/second) Physical Source Lines of Code (SLOC) = 16 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 299 in 0.53 seconds (10446 lines/second) Physical Source Lines of Code (SLOC) = 46 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:890: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:1444: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:54: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:859: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:881: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:1094: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:1442: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/sonicvibes.c:1443: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 8 Lines analyzed = 1513 in 0.62 seconds (12528 lines/second) Physical Source Lines of Code (SLOC) = 1279 Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 8 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 6.25489 [1+] 6.25489 [2+] 6.25489 [3+] 1.56372 [4+] 1.56372 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 41 in 0.51 seconds (3111 lines/second) Physical Source Lines of Code (SLOC) = 14 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1816: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1907: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2036: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2661: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2663: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2749: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:86: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:88: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:329: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:889: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:918: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1177: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1178: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1257: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1539: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1617: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:1824: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2332: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2648: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2649: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2723: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.c:2740: [1] (port) snprintf: On some very old systems, snprintf is incorrectly implemented and permits buffer overflows; there are also incompatible standard definitions of it. Check it during installation, or use something else. Hits = 22 Lines analyzed = 2785 in 0.68 seconds (15590 lines/second) Physical Source Lines of Code (SLOC) = 2315 Hits@level = [0] 0 [1] 2 [2] 14 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 22 [1+] 22 [2+] 20 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 9.50324 [1+] 9.50324 [2+] 8.63931 [3+] 2.59179 [4+] 2.59179 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 10 in 0.51 seconds (891 lines/second) Physical Source Lines of Code (SLOC) = 6 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:208: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1110: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1116: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1172: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1174: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1391: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:201: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:684: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/aureon.c:1383: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 9 Lines analyzed = 2241 in 0.59 seconds (24958 lines/second) Physical Source Lines of Code (SLOC) = 1823 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 6 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 6 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 4.93692 [1+] 4.93692 [2+] 4.93692 [3+] 3.29128 [4+] 3.29128 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 219 in 0.52 seconds (9263 lines/second) Physical Source Lines of Code (SLOC) = 157 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 65 in 0.51 seconds (4877 lines/second) Physical Source Lines of Code (SLOC) = 35 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 94 in 0.53 seconds (3573 lines/second) Physical Source Lines of Code (SLOC) = 54 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/juli.c:445: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Hits = 1 Lines analyzed = 676 in 0.53 seconds (21038 lines/second) Physical Source Lines of Code (SLOC) = 460 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 2.17391 [1+] 2.17391 [2+] 2.17391 [3+] 2.17391 [4+] 2.17391 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/phase.c:684: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/phase.c:79: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/phase.c:676: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 908 in 0.56 seconds (15455 lines/second) Physical Source Lines of Code (SLOC) = 732 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 4.09836 [1+] 4.09836 [2+] 4.09836 [3+] 1.36612 [4+] 1.36612 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 48 in 0.51 seconds (3370 lines/second) Physical Source Lines of Code (SLOC) = 17 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 86 in 0.52 seconds (5567 lines/second) Physical Source Lines of Code (SLOC) = 45 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.h:226: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ice1712.h:281: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 2 Lines analyzed = 504 in 0.53 seconds (17800 lines/second) Physical Source Lines of Code (SLOC) = 369 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 5.42005 [1+] 5.42005 [2+] 5.42005 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 193 in 0.57 seconds (2944 lines/second) Physical Source Lines of Code (SLOC) = 136 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy_hifi.c:568: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy_hifi.c:321: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy_hifi.c:905: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 3 Lines analyzed = 1210 in 0.56 seconds (21273 lines/second) Physical Source Lines of Code (SLOC) = 937 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.20171 [1+] 3.20171 [2+] 3.20171 [3+] 1.06724 [4+] 1.06724 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 15 in 0.51 seconds (1315 lines/second) Physical Source Lines of Code (SLOC) = 9 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 140 in 0.52 seconds (6034 lines/second) Physical Source Lines of Code (SLOC) = 95 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/pontis.c:425: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/pontis.c:641: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 2 Lines analyzed = 835 in 0.54 seconds (19875 lines/second) Physical Source Lines of Code (SLOC) = 654 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.0581 [1+] 3.0581 [2+] 3.0581 [3+] 1.52905 [4+] 1.52905 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 19 in 0.58 seconds (245 lines/second) Physical Source Lines of Code (SLOC) = 11 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 No hits found. Lines analyzed = 628 in 0.53 seconds (24002 lines/second) Physical Source Lines of Code (SLOC) = 492 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/hoontech.c:38: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 1 Lines analyzed = 360 in 0.52 seconds (16533 lines/second) Physical Source Lines of Code (SLOC) = 259 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 1 [1+] 1 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.861 [1+] 3.861 [2+] 3.861 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy192.c:289: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy192.c:567: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy192.c:281: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy192.c:326: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/prodigy192.c:560: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 5 Lines analyzed = 817 in 0.54 seconds (19188 lines/second) Physical Source Lines of Code (SLOC) = 562 Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 8.8968 [1+] 8.8968 [2+] 8.8968 [3+] 3.55872 [4+] 3.55872 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:586: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:907: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:234: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:578: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:754: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice1712/ews.c:775: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.lBOfbq/src/sound/pci/ice17