Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kodi-pvr-wmc-2.4.5/src/Socket.cpp Examining data/kodi-pvr-wmc-2.4.5/src/Socket.h Examining data/kodi-pvr-wmc-2.4.5/src/client.cpp Examining data/kodi-pvr-wmc-2.4.5/src/client.h Examining data/kodi-pvr-wmc-2.4.5/src/clientversion.h Examining data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp Examining data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.h Examining data/kodi-pvr-wmc-2.4.5/src/utilities.cpp Examining data/kodi-pvr-wmc-2.4.5/src/utilities.h FINAL RESULTS: data/kodi-pvr-wmc-2.4.5/src/Socket.cpp:205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; // this buff size has to be known in server data/kodi-pvr-wmc-2.4.5/src/client.cpp:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestr[32]; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:120:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _serverBuild = atoi(results[1].c_str()); // get server build number for feature checking data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:487:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int errorID = atoi(results[2].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:541:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int level = atoi(v[1].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:552:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int stringId = atoi(v[2].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:639:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xChannel.iChannelNumber = atoi(c[0].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:640:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xChannel.iSubChannelNumber = atoi(c[1].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:644:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xChannel.iChannelNumber = atoi(v[2].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:696:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xGroup.iPosition = atoi(v[1].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:729:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xGroupMember.iChannelNumber = atoi(v[1].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:767:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iUniqueBroadcastId = atoi(v[0].c_str()); // entry ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:769:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.startTime = atol(v[3].c_str()); // start time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:770:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.endTime = atol(v[4].c_str()); // end time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:773:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.firstAired = atol(v[7].c_str()); // orig air date data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:774:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iParentalRating = atoi(v[8].c_str()); // tv rating data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:775:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iStarRating = atoi(v[9].c_str()); // star rating data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:776:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iSeriesNumber = atoi(v[10].c_str()); // season (?) number data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:777:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iEpisodeNumber = atoi(v[11].c_str()); // episode number data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:778:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iGenreType = atoi(v[12].c_str()); // season (?) number data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:779:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iGenreSubType = atoi(v[13].c_str()); // general genre type data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:790:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xEpg.iYear = atoi(v[23].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:954:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iClientChannelUid = atoi(v[2].c_str()); // [2] channel id data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:955:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iEpgUid = atoi(v[3].c_str()); // [3] epg ID (same as client ID, except for a 'manual' record) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:957:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.startTime = atoi(v[5].c_str()); // [5] start time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:958:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.endTime = atoi(v[6].c_str()); // [6] end time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:959:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMarginStart = atoi(v[7].c_str()); // [7] rec margin at start (sec) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:960:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMarginEnd = atoi(v[8].c_str()); // [8] rec margin at end (sec) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:974:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iWeekdays = atoi(v[15].c_str()); // [15] DaysOfWeek (converted to Kodi values in the backend) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:975:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.state = (PVR_TIMER_STATE)atoi(v[16].c_str()); // [16] current state of timer data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:977:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iGenreType = atoi(v[18].c_str()); // [18] genre ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:978:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iGenreSubType = atoi(v[19].c_str()); // [19] sub genre ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:979:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iPreventDuplicateEpisodes = atoi(v[20].c_str()); // [20] WMC RunType data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:980:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iClientIndex = atoi(v[21].c_str()); // [21] Timer ID (in UINT32 form) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:983:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iLifetime = atoi(v[24].c_str()); // [24] Lifetime data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:984:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMaxRecordings = atoi(v[25].c_str()); // [25] Maximum Recordings (Recording Limit) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:985:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iPriority = atoi(v[26].c_str()); // [26] Priority (in Kodi enum value form) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1013:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iClientIndex = atoi(v[0].c_str()); // [0] Timer ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1014:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iClientChannelUid = atoi(v[1].c_str()); // [1] channel id data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1015:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.startTime = atoi(v[2].c_str()); // [2] start time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1016:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.endTime = atoi(v[3].c_str()); // [3] end time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1017:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.state = (PVR_TIMER_STATE)atoi(v[4].c_str()); // [4] current state of time data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1023:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iEpgUid = atoi(v[10].c_str()); // [10] epg ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1024:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMarginStart = atoi(v[11].c_str()); // [11] rec margin at start (sec) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1025:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMarginEnd = atoi(v[12].c_str()); // [12] rec margin at end (sec) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1026:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iGenreType = atoi(v[13].c_str()); // [13] genre ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1027:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iGenreSubType = atoi(v[14].c_str()); // [14] sub genre ID data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1032:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iPreventDuplicateEpisodes = atoi(v[19].c_str()); // [19] WMC runType data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1041:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iWeekdays = atoi(v[22].c_str()); // [22] DaysOfWeek (converted to Kodi values in the backend) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1042:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iParentClientIndex = atoi(v[23].c_str()); // [23] Parent Series ID (in UINT32 form) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1043:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iLifetime = atoi(v[24].c_str()); // [24] Lifetime data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1044:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iMaxRecordings = atoi(v[25].c_str()); // [25] Maximum Recordings (Recording Limit) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1045:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xTmr.iPriority = atoi(v[26].c_str()); // [26] Priority (in Kodi enum value form) data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1116:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.recordingTime = atol(v[9].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1117:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iDuration = atoi(v[10].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1118:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iPriority = atoi(v[11].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1119:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iLifetime = atoi(v[12].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1120:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iGenreType = atoi(v[13].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1121:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iGenreSubType = atoi(v[14].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1124:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iLastPlayedPosition = atoi(v[15].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1127:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iPlayCount = atoi(v[24].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1134:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iEpgEventId = atoi(v[18].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1140:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xRec.iChannelUid = atoi(v[17].c_str()); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1636:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cachedSignalStatus.iSignal = (int)(atoi(results[5].c_str()) * 655.35); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1638:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bool error = atoi(results[8].c_str()) == 1; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1687:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _buffTimeFILTER = atol(results[2].c_str()); // get filter value from swmc data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1727:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1738:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry.type = (PVR_EDL_TYPE)atoi(vals[2].c_str()); data/kodi-pvr-wmc-2.4.5/src/utilities.cpp:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/kodi-pvr-wmc-2.4.5/src/Socket.cpp:667:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(sleepAttemptsMs * 1000); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:34:27: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define STRCPY(dest, src) strncpy(dest, src, sizeof(dest)-1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:182:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strDescription, description.c_str(), sizeof(strDescription) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:188:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(priorities[i].strDescription, it->second.c_str(), sizeof(priorities[i].strDescription) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:195:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lifetimes[i].strDescription, it->second.c_str(), sizeof(lifetimes[i].strDescription) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:202:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(maxRecordings[i].strDescription, it->second.c_str(), sizeof(maxRecordings[i].strDescription) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:209:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(preventDuplicateEpisodes[i].strDescription, it->second.c_str(), sizeof(preventDuplicateEpisodes[i].strDescription) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:691:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xGroup.strGroupName, v[0].c_str(), sizeof(xGroup.strGroupName) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:727:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xGroupMember.strGroupName, group.strGroupName, sizeof(xGroupMember.strGroupName) - 1); data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:988:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool hasKeyword = strlen(xTmr.strEpgSearchString) > 0; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1051:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool hasKeyword = strlen(xTmr.strEpgSearchString) > 0; data/kodi-pvr-wmc-2.4.5/src/pvr2wmc.cpp:1386:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(600000); // wait a little (600ms) before we try again ANALYSIS SUMMARY: Hits = 82 Lines analyzed = 3790 in approximately 2.14 seconds (1771 lines/second) Physical Source Lines of Code (SLOC) = 2775 Hits@level = [0] 6 [1] 12 [2] 70 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 88 [1+] 82 [2+] 70 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 31.7117 [1+] 29.5495 [2+] 25.2252 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.