Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dvdbackup-0.4.2/src/gettext.h
Examining data/dvdbackup-0.4.2/src/dvdbackup.h
Examining data/dvdbackup-0.4.2/src/main.c
Examining data/dvdbackup-0.4.2/src/dvdbackup.c
FINAL RESULTS:
data/dvdbackup-0.4.2/src/dvdbackup.c:1937:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, "%7.2f %sB", size, prefix);
data/dvdbackup-0.4.2/src/dvdbackup.c:2007:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\tThe main feature has %d angle\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2010:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\tThe main feature has %d audio track\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2013:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\tThe main feature has %d subpicture channel\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2029:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\tThe main feature has a maximum of %d chapter in one of its titles\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2032:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\tThe main feature has a maximum of %d audio channel in one of its titles\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2051:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\t\tTitle set %d has %d angle\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2054:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\t\tTitle set %d has %d audio track\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2057:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\t\tTitle set %d has %d subpicture channel\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2070:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\n\t\tTitle included in title set %d is\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2077:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\t\t\t\tTitle %d has %d chapter\n",
data/dvdbackup-0.4.2/src/dvdbackup.c:2080:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ngettext("\t\t\t\tTitle %d has %d audio channel\n",
data/dvdbackup-0.4.2/src/main.c:403:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title_name,provided_title_name);
data/dvdbackup-0.4.2/src/main.c:211:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((flags = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progressText[MAXNAME] = "n/a";
data/dvdbackup-0.4.2/src/dvdbackup.c:270:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_CREAT | O_APPEND, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:340:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_CREAT | O_APPEND, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:839:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE * DVD_VIDEO_LB_LEN];
data/dvdbackup-0.4.2/src/dvdbackup.c:840:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_zero[BUFFER_SIZE * DVD_VIDEO_LB_LEN];
data/dvdbackup-0.4.2/src/dvdbackup.c:946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[13] = "VIDEO_TS.VOB";
data/dvdbackup-0.4.2/src/dvdbackup.c:968:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "VTS_%02i_%1i.VOB", title_set, vob);
data/dvdbackup-0.4.2/src/dvdbackup.c:1040:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_TRUNC, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1048:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_CREAT, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1076:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[13] = "VIDEO_TS.VOB";
data/dvdbackup-0.4.2/src/dvdbackup.c:1094:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "VTS_%02i_0.VOB", title_set);
data/dvdbackup-0.4.2/src/dvdbackup.c:1135:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_TRUNC, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1144:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout = open(targetname, O_WRONLY | O_CREAT, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1245:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout_ifo = open(targetname_ifo, O_WRONLY | O_CREAT | O_TRUNC, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1257:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((streamout_bup = open(targetname_bup, O_WRONLY | O_CREAT | O_TRUNC, 0666)) == -1) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuf[DVD_SEC_SIZ];
data/dvdbackup-0.4.2/src/dvdbackup.c:1382:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !(filehandle = open(device, O_RDONLY)) ) {
data/dvdbackup-0.4.2/src/dvdbackup.c:1946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title_name[33] = "";
data/dvdbackup-0.4.2/src/dvdbackup.c:1947:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[40] = "";
data/dvdbackup-0.4.2/src/gettext.h:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/dvdbackup-0.4.2/src/gettext.h:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/dvdbackup-0.4.2/src/gettext.h:211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/dvdbackup-0.4.2/src/gettext.h:213:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/dvdbackup-0.4.2/src/gettext.h:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/dvdbackup-0.4.2/src/gettext.h:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/dvdbackup-0.4.2/src/gettext.h:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/dvdbackup-0.4.2/src/gettext.h:259:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/dvdbackup-0.4.2/src/main.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title_name[33] = "";
data/dvdbackup-0.4.2/src/main.c:298:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aspect = atoi(aspect_temp);
data/dvdbackup-0.4.2/src/main.c:307:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
titles = atoi(titles_temp);
data/dvdbackup-0.4.2/src/main.c:315:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start_chapter = atoi(start_chapter_temp);
data/dvdbackup-0.4.2/src/main.c:323:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end_chapter = atoi(end_chapter_temp);
data/dvdbackup-0.4.2/src/main.c:352:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
title_set = atoi(title_set_temp);
data/dvdbackup-0.4.2/src/dvdbackup.c:222:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + 24;
data/dvdbackup-0.4.2/src/dvdbackup.c:222:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + 24;
data/dvdbackup-0.4.2/src/dvdbackup.c:1004:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1004:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1004:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1116:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1116:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1116:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + strlen(filename) + 12;
data/dvdbackup-0.4.2/src/dvdbackup.c:1154:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(progressText, _("menu"), MAXNAME);
data/dvdbackup-0.4.2/src/dvdbackup.c:1201:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(targetdir) + strlen(title_name) + 24;
data/dvdbackup-0.4.2/src/dvdbackup.c:1201:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(targetdir) + strlen(title_name) + 24;
data/dvdbackup-0.4.2/src/dvdbackup.c:1396:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(DVD_SEC_SIZ != read(filehandle, tempBuf, DVD_SEC_SIZ)) {
data/dvdbackup-0.4.2/src/gettext.h:197:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/dvdbackup-0.4.2/src/gettext.h:198:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/dvdbackup-0.4.2/src/gettext.h:243:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/dvdbackup-0.4.2/src/gettext.h:244:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/dvdbackup-0.4.2/src/main.c:398:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(provided_title_name) > 32) {
data/dvdbackup-0.4.2/src/main.c:400:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title_name,provided_title_name, 32);
data/dvdbackup-0.4.2/src/main.c:408:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + 11;
data/dvdbackup-0.4.2/src/main.c:408:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetname_length = strlen(targetdir) + strlen(title_name) + 11;
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 2933 in approximately 0.41 seconds (7106 lines/second)
Physical Source Lines of Code (SLOC) = 2027
Hits@level = [0] 180 [1] 20 [2] 33 [3] 1 [4] 13 [5] 0
Hits@level+ = [0+] 247 [1+] 67 [2+] 47 [3+] 14 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 121.855 [1+] 33.0538 [2+] 23.187 [3+] 6.90676 [4+] 6.41342 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.