Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp
Examining data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.h
Examining data/kodi-pvr-hdhomerun-3.4.3/src/Utils.cpp
Examining data/kodi-pvr-hdhomerun-3.4.3/src/Utils.h
Examining data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp
Examining data/kodi-pvr-hdhomerun-3.4.3/src/client.h

FINAL RESULTS:

data/kodi-pvr-hdhomerun-3.4.3/src/Utils.cpp:48:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  nLen = vsnprintf(szBuffer, sizeof(szBuffer) - 1, szFormat, args);
data/kodi-pvr-hdhomerun-3.4.3/src/Utils.cpp:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[4096];
data/kodi-pvr-hdhomerun-3.4.3/src/Utils.cpp:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:284:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pvrChannel.strChannelName, jsonChannel["_ChannelName"].asString().c_str(),
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:287:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pvrChannel.strIconPath, jsonChannel["_IconPath"].asString().c_str(),
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:363:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(channelGroup.strGroupName, g_strGroupFavoriteChannels.c_str(),
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:369:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(channelGroup.strGroupName, g_strGroupHDChannels.c_str(),
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:375:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(channelGroup.strGroupName, g_strGroupSDChannels.c_str(),
data/kodi-pvr-hdhomerun-3.4.3/src/HDHomeRunTuners.cpp:398:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(channelGroupMember.strGroupName, group.strGroupName,
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:273:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(signalStatus.strAdapterName, "PVR HDHomeRun Adapter 1",
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:276:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(signalStatus.strAdapterStatus, "OK",
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:305:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(properties[0].strName, PVR_STREAM_PROPERTY_STREAMURL, sizeof(properties[0].strName) - 1);
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:306:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(properties[0].strValue, strUrl.c_str(), sizeof(properties[0].strValue) - 1);
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:307:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(properties[1].strName, PVR_STREAM_PROPERTY_ISREALTIMESTREAM, sizeof(properties[1].strName) - 1);
data/kodi-pvr-hdhomerun-3.4.3/src/client.cpp:308:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy(properties[1].strValue, "true", sizeof(properties[1].strValue) - 1);

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 1095 in approximately 0.49 seconds (2236 lines/second)
Physical Source Lines of Code (SLOC) = 759
Hits@level = [0]   5 [1]  12 [2]   2 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  20 [1+]  15 [2+]   3 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 26.3505 [1+] 19.7628 [2+] 3.95257 [3+] 1.31752 [4+] 1.31752 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.