Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vdr-plugin-satip-2.4.0/rtsp.h
Examining data/vdr-plugin-satip-2.4.0/statistics.h
Examining data/vdr-plugin-satip-2.4.0/tunerif.h
Examining data/vdr-plugin-satip-2.4.0/setup.h
Examining data/vdr-plugin-satip-2.4.0/msearch.h
Examining data/vdr-plugin-satip-2.4.0/server.h
Examining data/vdr-plugin-satip-2.4.0/discover.c
Examining data/vdr-plugin-satip-2.4.0/log.h
Examining data/vdr-plugin-satip-2.4.0/config.h
Examining data/vdr-plugin-satip-2.4.0/server.c
Examining data/vdr-plugin-satip-2.4.0/rtcp.h
Examining data/vdr-plugin-satip-2.4.0/satip.c
Examining data/vdr-plugin-satip-2.4.0/param.h
Examining data/vdr-plugin-satip-2.4.0/rtp.h
Examining data/vdr-plugin-satip-2.4.0/deviceif.h
Examining data/vdr-plugin-satip-2.4.0/device.c
Examining data/vdr-plugin-satip-2.4.0/rtp.c
Examining data/vdr-plugin-satip-2.4.0/sectionfilter.h
Examining data/vdr-plugin-satip-2.4.0/rtsp.c
Examining data/vdr-plugin-satip-2.4.0/rtcp.c
Examining data/vdr-plugin-satip-2.4.0/pollerif.h
Examining data/vdr-plugin-satip-2.4.0/poller.h
Examining data/vdr-plugin-satip-2.4.0/socket.c
Examining data/vdr-plugin-satip-2.4.0/config.c
Examining data/vdr-plugin-satip-2.4.0/msearch.c
Examining data/vdr-plugin-satip-2.4.0/param.c
Examining data/vdr-plugin-satip-2.4.0/common.c
Examining data/vdr-plugin-satip-2.4.0/tuner.h
Examining data/vdr-plugin-satip-2.4.0/device.h
Examining data/vdr-plugin-satip-2.4.0/common.h
Examining data/vdr-plugin-satip-2.4.0/setup.c
Examining data/vdr-plugin-satip-2.4.0/statistics.c
Examining data/vdr-plugin-satip-2.4.0/poller.c
Examining data/vdr-plugin-satip-2.4.0/discover.h
Examining data/vdr-plugin-satip-2.4.0/discoverif.h
Examining data/vdr-plugin-satip-2.4.0/socket.h
Examining data/vdr-plugin-satip-2.4.0/tuner.c
Examining data/vdr-plugin-satip-2.4.0/sectionfilter.c
FINAL RESULTS:
data/vdr-plugin-satip-2.4.0/device.c:25:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
deviceNameM(*cString::sprintf("%s %d", *DeviceType(), deviceIndexM)),
data/vdr-plugin-satip-2.4.0/device.c:34:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
*cString::sprintf("SATIP#%d TS", deviceIndexM));
data/vdr-plugin-satip-2.4.0/device.c:119:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sDevice: %s\n", *info, *device->DeviceName());
data/vdr-plugin-satip-2.4.0/device.c:121:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sCardIndex: %d HasLock: yes Strength: %d Quality: %d%s\n", *info, device->CardIndex(), device->SignalStrength(), device->SignalQuality(), live ? " Live: yes" : "");
data/vdr-plugin-satip-2.4.0/device.c:123:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sCardIndex: %d HasLock: no\n", *info, device->CardIndex());
data/vdr-plugin-satip-2.4.0/device.c:126:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sTransponder: %d Channel: %s\n", *info, channel->Transponder(), channel->Name());
data/vdr-plugin-satip-2.4.0/device.c:128:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sTransponder: %d\n", *info, channel->Transponder());
data/vdr-plugin-satip-2.4.0/device.c:131:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%sRecording: %d timer%s\n", *info, timers, (timers > 1) ? "s" : "");
data/vdr-plugin-satip-2.4.0/device.c:132:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%s\n", *info);
data/vdr-plugin-satip-2.4.0/device.c:142:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("SAT>IP device: %d\nCardIndex: %d\nStream: %s\nSignal: %s\nStream bitrate: %s\n%sChannel: %s\n",
data/vdr-plugin-satip-2.4.0/device.c:160:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("Active section filters:\n%s", pSectionFilterHandlerM ? *pSectionFilterHandlerM->GetInformation() : "");
data/vdr-plugin-satip-2.4.0/device.c:184:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = cString::sprintf("%s%s%s",
data/vdr-plugin-satip-2.4.0/device.c:209:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("%s %d", *DeviceType(), deviceIndexM);
data/vdr-plugin-satip-2.4.0/device.c:369:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
deviceNameM = cString::sprintf("%s %d %s", *DeviceType(), deviceIndexM, *cSatipDiscover::GetInstance()->GetServerString(server));
data/vdr-plugin-satip-2.4.0/device.c:377:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
deviceNameM = cString::sprintf("%s %d", *DeviceType(), deviceIndexM);
data/vdr-plugin-satip-2.4.0/discover.c:207:67: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_USERAGENT, *cString::sprintf("vdr-%s/%s", PLUGIN_NAME_I18N, VERSION));
data/vdr-plugin-satip-2.4.0/discover.c:287:36: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString desc = cString::sprintf("%s #%d", !isempty(descP) ? descP : "MyBrokenHardware", n++);
data/vdr-plugin-satip-2.4.0/param.c:502:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
data/vdr-plugin-satip-2.4.0/rtcp.c:107:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("RTCP [device %d]", tunerM.GetId());
data/vdr-plugin-satip-2.4.0/rtp.c:164:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("RTP [device %d]", tunerM.GetId());
data/vdr-plugin-satip-2.4.0/rtsp.c:168:67: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_USERAGENT, *cString::sprintf("vdr-%s/%s (device %d)", PLUGIN_NAME_I18N, VERSION, tunerM.GetId()));
data/vdr-plugin-satip-2.4.0/rtsp.c:200:67: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_INTERFACE, *cString::sprintf("host!%s", bindAddrP));
data/vdr-plugin-satip-2.4.0/rtsp.c:245:34: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
transport = cString::sprintf("RTP/AVP;multicast");
data/vdr-plugin-satip-2.4.0/rtsp.c:251:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
transport = cString::sprintf("RTP/AVP/TCP;unicast;interleaved=%u-%u", interleavedRtpIdM, interleavedRtcpIdM);
data/vdr-plugin-satip-2.4.0/rtsp.c:253:37: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
transport = cString::sprintf("RTP/AVP;unicast;client_port=%d-%d", rtpPortP, rtcpPortP);
data/vdr-plugin-satip-2.4.0/satip.c:171:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString info = cString::sprintf("Using CURL %s", data->version);
data/vdr-plugin-satip-2.4.0/satip.c:175:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
info = cString::sprintf("%s %s", *info, data->protocols[i]);
data/vdr-plugin-satip-2.4.0/satip.c:500:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("SATIP information mode: %s\n", mode ? "bytes" : "bits");
data/vdr-plugin-satip-2.4.0/satip.c:520:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("SATIP device count: %u", cSatipDevice::Count());
data/vdr-plugin-satip-2.4.0/satip.c:553:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("SATIP operating mode: %s\n", *mode);
data/vdr-plugin-satip-2.4.0/satip.c:568:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("SATIP tracing mode: 0x%04X\n", SatipConfig.GetTraceMode());
data/vdr-plugin-satip-2.4.0/sectionfilter.c:239:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: cThread(cString::sprintf("SATIP#%d section handler", deviceIndexP)),
data/vdr-plugin-satip-2.4.0/sectionfilter.c:240:75: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ringBufferM(new cRingBufferLinear(bufferLenP, TS_SIZE, false, *cString::sprintf("SATIP %d section handler", deviceIndexP))),
data/vdr-plugin-satip-2.4.0/sectionfilter.c:354:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = cString::sprintf("%sFilter %d: %s Pid=0x%02X (%s)\n", *s, i,
data/vdr-plugin-satip-2.4.0/server.c:111:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
filtersM = cString::sprintf("%s%s%s", *filtersM, isempty(*filtersM) ? "" : ",", *cSource::ToString(sourceFiltersM[j]));
data/vdr-plugin-satip-2.4.0/server.c:161:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sSessionId", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:163:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sPlayPids", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:165:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sForceLock", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:167:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sRtpOverTcp", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:169:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sCiXpmt", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:171:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sCiTnr", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:173:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
quirksM = cString::sprintf("%s%sForcePilot", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:492:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
list = cString::sprintf("%s|%s|%s", s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/server.c:504:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
list = cString::sprintf("%s%c %s|%s|%s\n", *list, s->IsActive() ? '+' : '-', s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/server.c:506:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
list = cString::sprintf("%s%c %s@%s|%s|%s\n", *list, s->IsActive() ? '+' : '-', s->SrcAddress(), s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/setup.c:43:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SetValue(cString::sprintf("%s - %s", *cSource::ToString(source->Code()), source->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:108:87: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
addressM(serverP ? (isempty(serverP->SrcAddress()) ? serverP->Address() : *cString::sprintf("%s@%s", serverP->SrcAddress(), serverP->Address())) : "---"),
data/vdr-plugin-satip-2.4.0/setup.c:126:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Address"), *addressM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:127:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Model"), *modelM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:128:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Description"), *descriptionM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:129:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("CI extension"), *ciExtensionM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:130:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Creation date"), *DayDateTime(createdM)), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:170:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SetText(*cString::sprintf("%s %s (%s)\t%s", serverM->IsActive() ? "+" : "-", isempty(serverM->SrcAddress()) ? serverM->Address() : *cString::sprintf("%s@%s", serverM->SrcAddress(), serverM->Address()), serverM->Model(), serverM->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:170:144: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
SetText(*cString::sprintf("%s %s (%s)\t%s", serverM->IsActive() ? "+" : "-", isempty(serverM->SrcAddress()) ? serverM->Address() : *cString::sprintf("%s@%s", serverM->SrcAddress(), serverM->Address()), serverM->Model(), serverM->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:396:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cMenuEditStraItem(*cString::sprintf(" %s #%d", tr("CI/CAM"), i + 1), &cicamsM[i], ELEMENTS(cicamTextsM), cicamTextsM));
data/vdr-plugin-satip-2.4.0/setup.c:407:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cSatipEditSrcItem(*cString::sprintf(" %s %d", trVDR("Source"), i + 1), &disabledSourcesM[i]));
data/vdr-plugin-satip-2.4.0/setup.c:415:46: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
Add(new cMenuEditStraItem(*cString::sprintf(" %s %d", tr("Filter"), i + 1), &disabledFilterIndexesM[i], SECTION_FILTER_TABLE_SIZE, disabledFilterNamesM));
data/vdr-plugin-satip-2.4.0/setup.c:499:66: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return AddSubMenu(new cMenuText(cString::sprintf("%s - %s '%s'", tr("Help"), trVDR("Plugin"), PLUGIN_NAME_I18N), helpM[Current()]));
data/vdr-plugin-satip-2.4.0/setup.c:526:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%s %d", *buffer, cicamsP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:528:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%d", cicamsP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:542:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%s %s", *buffer, *cSource::ToString(sourcesP[i]));
data/vdr-plugin-satip-2.4.0/setup.c:544:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%s", *cSource::ToString(sourcesP[i]));
data/vdr-plugin-satip-2.4.0/setup.c:558:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%s %d", *buffer, valuesP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:560:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buffer = cString::sprintf("%d", valuesP[i]);
data/vdr-plugin-satip-2.4.0/statistics.c:40:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString s = cString::sprintf("%4ld (%4ld k%s/s)", numberOfCallsM, bitrate,
data/vdr-plugin-satip-2.4.0/statistics.c:87:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s = cString::sprintf("%sPid %d: %4d (%4ld k%s/s)\n", *s, i,
data/vdr-plugin-satip-2.4.0/statistics.c:163:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString s = cString::sprintf("%ld k%s/s", bitrate, SatipConfig.GetUseBytes() ? "B" : "bit");
data/vdr-plugin-satip-2.4.0/statistics.c:207:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString s = cString::sprintf("Buffer bitrate: %ld k%s/s\nBuffer usage: %ld/%ld k%s (%2.1f%%)\n", bitrate,
data/vdr-plugin-satip-2.4.0/tuner.c:19:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
: cThread(cString::sprintf("SATIP#%d tuner", deviceP.GetId())),
data/vdr-plugin-satip-2.4.0/tuner.c:221:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString uri = cString::sprintf("%sstream=%d?%s", *connectionUri, streamIdM, *streamParamM);
data/vdr-plugin-satip-2.4.0/tuner.c:229:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString uri = cString::sprintf("%s?%s", *connectionUri, *streamParamM);
data/vdr-plugin-satip-2.4.0/tuner.c:260:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:423:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("rtsp://%s:%d/", addressP, portP);
data/vdr-plugin-satip-2.4.0/tuner.c:425:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("rtsp://%s/", addressP);
data/vdr-plugin-satip-2.4.0/tuner.c:447:62: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
streamParamM = rtspM.RtspUnescapeString(*cString::sprintf("%s&plts=on", parameterP));
data/vdr-plugin-satip-2.4.0/tuner.c:486:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:491:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s?pids=%s", *uri, *pidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:493:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s,%d", *uri, eDummyPid);
data/vdr-plugin-satip-2.4.0/tuner.c:497:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s?addpids=%s", *uri, *addPidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:499:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s%sdelpids=%s", *uri, addPidsM.Size() ? "&" : "?", *delPidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:512:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s&x_pmt=%d", *uri, pid);
data/vdr-plugin-satip-2.4.0/tuner.c:514:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s&x_ci=%d", *uri, slot);
data/vdr-plugin-satip-2.4.0/tuner.c:523:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
uri = cString::sprintf("%s&tnr=%s", *uri, *param);
data/vdr-plugin-satip-2.4.0/tuner.c:563:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:698:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return cString::sprintf("lock=%d strength=%d quality=%d frontend=%d", HasLock(), SignalStrength(), SignalQuality(), FrontendId());
data/vdr-plugin-satip-2.4.0/tuner.c:704:48: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return (currentStateM >= tsTuned) ? cString::sprintf("%s?%s (%s) [stream=%d]", *GetBaseUrl(*streamAddrM, streamPortM), *streamParamM, *rtspM.GetActiveMode(), streamIdM) : "connection failed";
data/vdr-plugin-satip-2.4.0/tuner.h:45:28: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
list = cString::sprintf("%s%d,", *list, At(i));
data/vdr-plugin-satip-2.4.0/tuner.h:74:43: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString GetInfo(void) { return cString::sprintf("server=%s deviceid=%d transponder=%d", serverM ? "assigned" : "null", deviceIdM, transponderM); }
data/vdr-plugin-satip-2.4.0/satip.c:117:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "d:t:s:p:r:DSn", long_options, NULL)) != -1) {
data/vdr-plugin-satip-2.4.0/common.h:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64]; \
data/vdr-plugin-satip-2.4.0/common.h:117:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dataM[sizeM]), dataP, sizeP);
data/vdr-plugin-satip-2.4.0/param.c:146:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/vdr-plugin-satip-2.4.0/param.c:153:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int src = (strchr("S", type) && source) ? atoi(source->Description()) : 1;
data/vdr-plugin-satip-2.4.0/satip.c:344:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cicamsP[n++] = atoi(r);
data/vdr-plugin-satip-2.4.0/satip.c:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/vdr-plugin-satip-2.4.0/satip.c:377:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(buffer);
data/vdr-plugin-satip-2.4.0/satip.c:392:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SatipConfig.SetOperatingMode(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:394:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SatipConfig.SetCIExtension(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:404:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SatipConfig.SetEITScan(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:422:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SatipConfig.SetTransportMode(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:480:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(option);
data/vdr-plugin-satip-2.4.0/satip.c:483:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
page = atoi(num);
data/vdr-plugin-satip-2.4.0/sectionfilter.c:54:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/vdr-plugin-satip-2.4.0/sectionfilter.c:58:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/vdr-plugin-satip-2.4.0/sectionfilter.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secBufBaseM + tsFeedpM, bufP, lenP);
data/vdr-plugin-satip-2.4.0/server.c:187:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/server.c:192:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(c + 5);
data/vdr-plugin-satip-2.4.0/server.c:197:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/server.c:202:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(c + 5);
data/vdr-plugin-satip-2.4.0/server.c:207:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/setup.h:22:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *operatingModeTextsM[cSatipConfig::eOperatingModeCount];
data/vdr-plugin-satip-2.4.0/setup.h:23:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *transportModeTextsM[cSatipConfig::eTransportModeCount];
data/vdr-plugin-satip-2.4.0/setup.h:26:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cicamTextsM[CA_SYSTEMS_TABLE_SIZE];
data/vdr-plugin-satip-2.4.0/setup.h:32:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *disabledFilterNamesM[SECTION_FILTER_TABLE_SIZE];
data/vdr-plugin-satip-2.4.0/socket.c:175:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/vdr-plugin-satip-2.4.0/socket.c:269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[256];
data/vdr-plugin-satip-2.4.0/tuner.c:321:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[lengthP];
data/vdr-plugin-satip-2.4.0/tuner.c:322:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, (char *)bufferP, lengthP);
data/vdr-plugin-satip-2.4.0/tuner.c:329:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frontendIdM = atoi(c + 7);
data/vdr-plugin-satip-2.4.0/tuner.c:338:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = min(atoi(++c), 255);
data/vdr-plugin-satip-2.4.0/tuner.c:348:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hasLockM = !!atoi(++c);
data/vdr-plugin-satip-2.4.0/tuner.c:357:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = min(atoi(++c), 15);
data/vdr-plugin-satip-2.4.0/msearch.c:49:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Write(bcastAddressS, reinterpret_cast<const unsigned char *>(bcastMessageS), strlen(bcastMessageS));
data/vdr-plugin-satip-2.4.0/msearch.c:51:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Write(bcastAddressS, reinterpret_cast<const unsigned char *>(bcastMessageS), strlen(bcastMessageS));
ANALYSIS SUMMARY:
Hits = 124
Lines analyzed = 7750 in approximately 0.20 seconds (39242 lines/second)
Physical Source Lines of Code (SLOC) = 6308
Hits@level = [0] 23 [1] 2 [2] 33 [3] 1 [4] 88 [5] 0
Hits@level+ = [0+] 147 [1+] 124 [2+] 122 [3+] 89 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 23.3037 [1+] 19.6576 [2+] 19.3405 [3+] 14.1091 [4+] 13.9505 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.