Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kodi-pvr-vuplus-3.28.9/src/Enigma2.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/Enigma2.h Examining data/kodi-pvr-vuplus-3.28.9/src/client.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/client.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/ChannelGroups.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/ChannelGroups.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Channels.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Channels.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/ConnectionManager.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/ConnectionManager.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Epg.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Epg.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/IConnectionListener.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/IStreamReader.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/LocalizedString.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/RecordingReader.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/RecordingReader.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Recordings.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Recordings.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Settings.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Settings.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/StreamReader.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/StreamReader.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Timers.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/Timers.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/TimeshiftBuffer.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/TimeshiftBuffer.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/AutoTimer.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/AutoTimer.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/BaseChannel.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/BaseEntry.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/BaseEntry.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Channel.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Channel.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/ChannelGroup.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/ChannelGroup.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/EpgChannel.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/EpgEntry.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/EpgEntry.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/EpgPartialEntry.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Tags.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Timer.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Timer.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/EpgEntryExtractor.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/EpgEntryExtractor.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/EpisodeSeasonPattern.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/GenreIdMapper.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/GenreIdMapper.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/GenreRytecTextMapper.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/GenreRytecTextMapper.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/IExtractor.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/ShowInfoExtractor.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/ShowInfoExtractor.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/CurlFile.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/CurlFile.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/DeviceInfo.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/DeviceSettings.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/FileUtils.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/FileUtils.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/LocalizedString.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/Logger.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/Logger.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/SignalStatus.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/StreamStatus.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/Tuner.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/UpdateState.h Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/WebUtils.cpp Examining data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/WebUtils.h FINAL RESULTS: data/kodi-pvr-vuplus-3.28.9/src/Enigma2.h:49:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #if defined(snprintf) data/kodi-pvr-vuplus-3.28.9/src/Enigma2.h:50:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:261:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). versionPart = std::atoi(i->str().c_str()); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:265:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). versionPart = std::atoi(i->str().c_str()); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:269:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). versionPart = std::atoi(i->str().c_str()); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:435:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_deviceSettings.SetGlobalRecordingStartMargin(std::atoi(settingValue.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:440:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_deviceSettings.SetGlobalRecordingEndMargin(std::atoi(settingValue.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:661:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). signalStatus.m_snrPercentage = std::atoi(std::regex_replace(snrPercentage, regexReplacePercent, regexReplace).c_str()) * 655; data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:662:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). signalStatus.m_ber = std::atol(ber.c_str()); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.cpp:663:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). signalStatus.m_signalStrength = std::atoi(std::regex_replace(signalStrength, regexReplacePercent, regexReplace).c_str()) * 655; data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.h:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_serverName[256]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/Admin.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_serverVersion[256]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/Settings.cpp:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/AutoTimer.cpp:225:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_weekdays = m_weekdays |= (1 << std::atoi(includeVal.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:158:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeInSecs += std::atoi(tokens[0].c_str()) * 60; data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:159:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeInSecs += std::atoi(tokens[1].c_str()); data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/ShowInfoExtractor.cpp:57:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry.SetSeasonNumber(std::atoi(seasonText.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/ShowInfoExtractor.cpp:66:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry.SetEpisodeNumber(std::atoi(episodeText.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/extract/ShowInfoExtractor.cpp:82:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry.SetYear(std::atoi(yearText.c_str())); data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/CurlFile.cpp:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/CurlFile.cpp:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/FileUtils.cpp:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/FileUtils.cpp:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/WebUtils.cpp:34:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char SAFE[256] = data/kodi-pvr-vuplus-3.28.9/src/enigma2/utilities/WebUtils.cpp:60:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char DEC2HEX[16 + 1] = "0123456789ABCDEF"; data/kodi-pvr-vuplus-3.28.9/src/Enigma2.cpp:739:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(signalStatus.strServiceName, channel->GetChannelName().c_str(), sizeof(signalStatus.strServiceName) - 1); data/kodi-pvr-vuplus-3.28.9/src/Enigma2.cpp:740:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(signalStatus.strProviderName, channel->GetProviderName().c_str(), sizeof(signalStatus.strProviderName) - 1); data/kodi-pvr-vuplus-3.28.9/src/Enigma2.cpp:758:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(signalStatus.strAdapterName, m_signalStatus.m_adapterName.c_str(), sizeof(signalStatus.strAdapterName) - 1); data/kodi-pvr-vuplus-3.28.9/src/Enigma2.cpp:759:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(signalStatus.strAdapterStatus, m_signalStatus.m_adapterStatus.c_str(), sizeof(signalStatus.strAdapterStatus) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:371:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(properties[0].strName, PVR_STREAM_PROPERTY_STREAMURL, sizeof(properties[0].strName) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:372:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(properties[0].strValue, enigma->GetLiveStreamURL(*channel).c_str(), sizeof(properties[0].strValue) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:382:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(properties[0].strName, "program", sizeof(properties[0].strName) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:383:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(properties[0].strValue, strStreamProgramNumber.c_str(), sizeof(properties[0].strValue) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:635:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(properties[0].strName, "program", sizeof(properties[0].strName) - 1); data/kodi-pvr-vuplus-3.28.9/src/client.cpp:636:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(properties[0].strValue, strStreamProgramNumber.c_str(), sizeof(properties[0].strValue) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/ChannelGroups.cpp:85:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tag.strGroupName, groupName.c_str(), sizeof(tag.strGroupName) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/RecordingReader.cpp:90:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_pos += read; data/kodi-pvr-vuplus-3.28.9/src/enigma2/RecordingReader.cpp:91:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/kodi-pvr-vuplus-3.28.9/src/enigma2/Timers.cpp:262:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strDescription, description.c_str(), sizeof(strDescription) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Timers.cpp:270:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(recordingGroup[i].strDescription, group.second.c_str(), sizeof(recordingGroup[i].strDescription) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/Timers.cpp:280:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(preventDuplicateEpisodes[i].strDescription, deDup.second.c_str(), sizeof(preventDuplicateEpisodes[i].strDescription) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/TimeshiftBuffer.cpp:95:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t write = XBMC->WriteFile(m_filebufferWriteHandle, buffer, read); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/AutoTimer.cpp:81:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strTitle, m_title.c_str(), sizeof(left.strTitle) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/AutoTimer.cpp:82:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strEpgSearchString, m_searchPhrase.c_str(), sizeof(left.strEpgSearchString) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Channel.cpp:238:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strChannelName, m_channelName.c_str(), sizeof(left.strChannelName) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Channel.cpp:239:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(left.strInputFormat, "", 0); // unused data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Channel.cpp:242:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strIconPath, m_iconPath.c_str(), sizeof(left.strIconPath) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/ChannelGroup.cpp:127:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strGroupName, m_groupName.c_str(), sizeof(left.strGroupName) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strRecordingId, m_recordingId.c_str(), sizeof(left.strRecordingId) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:169:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strTitle, m_title.c_str(), sizeof(left.strTitle) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:170:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strPlotOutline, m_plotOutline.c_str(), sizeof(left.strPlotOutline) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:171:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strPlot, m_plot.c_str(), sizeof(left.strPlot) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:172:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strChannelName, m_channelName.c_str(), sizeof(left.strChannelName) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:173:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strIconPath, m_iconPath.c_str(), sizeof(left.strIconPath) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:185:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strDirectory, m_directory.c_str(), sizeof(left.strDirectory) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/RecordingEntry.cpp:208:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strGenreDescription, m_genreDescription.c_str(), sizeof(left.strGenreDescription) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Timer.cpp:100:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strTitle, m_title.c_str(), sizeof(left.strTitle) - 1); data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Timer.cpp:101:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(left.strDirectory, "/", sizeof(left.strDirectory) - 1); // unused data/kodi-pvr-vuplus-3.28.9/src/enigma2/data/Timer.cpp:102:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(left.strSummary, m_plot.c_str(), sizeof(left.strSummary) - 1); ANALYSIS SUMMARY: Hits = 59 Lines analyzed = 13262 in approximately 1.62 seconds (8207 lines/second) Physical Source Lines of Code (SLOC) = 9094 Hits@level = [0] 11 [1] 34 [2] 23 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 70 [1+] 59 [2+] 25 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 7.69738 [1+] 6.48779 [2+] 2.74907 [3+] 0.219925 [4+] 0.219925 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.