Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/freetuxtv-0.6.8~dfsg1/lib/libdbevolution/db-evolution-instance.c
Examining data/freetuxtv-0.6.8~dfsg1/lib/libdbevolution/db-evolution-instance.h
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-include.h
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-instance.c
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-instance.h
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-media-player.c
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-media-player.h
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-media.c
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-media.h
Examining data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-private.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-app.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cclosure-marshal.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cclosure-marshal.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cellrenderer-channelslist.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cellrenderer-channelslist.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cellrenderer-recordingslist.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-cellrenderer-recordingslist.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channel-infos.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channel-infos.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channels-group-infos.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channels-group-infos.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channels-list.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-channels-list.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-db-sync.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-db-sync.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-fileutils.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-fileutils.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-gladexml.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-i18n.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-models.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-models.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-player-error-dialog.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-recording-infos.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-recording-infos.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-recordings-list.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-recordings-list.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-tv-channel-infos.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-tv-channel-infos.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-tv-channels-list.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-tv-channels-list.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-utils.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-utils.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-add-channels-group.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-add-channels-group.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-add-recording.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-add-recording.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-channel-properties.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-channel-properties.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-main.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-main.h
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-tv-channels-database.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-tv-channels-database.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-dialog.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-dialog.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-object.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-object.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-widget.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-widget.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-window.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-builder-window.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-date-time-picker.h
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-progress-dialog.h
Examining data/freetuxtv-0.6.8~dfsg1/src/lib-gmmkeys.c
Examining data/freetuxtv-0.6.8~dfsg1/src/lib-gmmkeys.h
Examining data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c
Examining data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.h
Examining data/freetuxtv-0.6.8~dfsg1/src/main.c
Examining data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-player-error-dialog.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-date-time-picker.c
Examining data/freetuxtv-0.6.8~dfsg1/src/gtk-progress-dialog.c

FINAL RESULTS:

data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:75:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(argv[argc - 1], textline);
data/freetuxtv-0.6.8~dfsg1/src/main.c:880:44:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  app->prefs.directoryrecordings = g_strdup(g_get_home_dir());
data/freetuxtv-0.6.8~dfsg1/lib/libvlc-gtk/gtk-libvlc-media-player.c:255:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&allocation, &(widget->allocation), sizeof(GtkAllocation));
data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-fileutils.c:74:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE * fp = fopen(dst_file, "w");
data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-add-recording.c:287:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no
  minus sign (large numbers can roll over into negative number; consider saving
  to an unsigned value if that is intended).
  duration = atoi(szDurationText);
data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-window-main.c:1877:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no
  minus sign (large numbers can roll over into negative number; consider saving
  to an unsigned value if that is intended).
  app->prefs.timeout = atoi(text);
data/freetuxtv-0.6.8~dfsg1/src/gtk-date-time-picker.c:362:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no
  minus sign (large numbers can roll over into negative number; consider saving
  to an unsigned value if that is intended).
  hour = atoi(szTmp);
data/freetuxtv-0.6.8~dfsg1/src/gtk-date-time-picker.c:365:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no
  minus sign (large numbers can roll over into negative number; consider saving
  to an unsigned value if that is intended).
  minute = atoi(szTmp);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:49:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp = fopen (file, "r");
data/freetuxtv-0.6.8~dfsg1/src/main.c:1337:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer [80];
data/freetuxtv-0.6.8~dfsg1/lib/libdbevolution/db-evolution-instance.c:147:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tagslen = strlen(DBEVOLUTION_DBVERSION_TAGS);
data/freetuxtv-0.6.8~dfsg1/lib/libdbevolution/db-evolution-instance.c:263:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tagslen = strlen(DBEVOLUTION_DBVERSION_TAGS);
data/freetuxtv-0.6.8~dfsg1/src/freetuxtv-player-error-dialog.c:142:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_set_text (priv->pTextBuffer, message, strlen(message));
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:37:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120,
  CWE-20).
  ssize_t read;
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:58:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120,
  CWE-20).
  if(read != 0){
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:63:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (textline, line, (endline + 1));
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:153:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(tmp, begin, cars);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:159:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = begin + strlen(begin);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:162:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(tmp, begin, cars);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:212:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(optname, begin, cars);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:223:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = argv[i] + strlen(argv[i]);
data/freetuxtv-0.6.8~dfsg1/src/lib-m3uparser.c:227:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((*ext_data)[nb-1], begin, cars);

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 21473 in approximately 0.42 seconds (51186 lines/second)
Physical Source Lines of Code (SLOC) = 15404
Hits@level = [0]   2 [1]  12 [2]   8 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  24 [1+]  22 [2+]  10 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.55804 [1+] 1.4282 [2+] 0.649182 [3+] 0.129836 [4+] 0.0649182 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
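The only level-4 hit (strcpy at lib-m3uparser.c:75) and all six strncpy hits sit in the M3U playlist parser, and the four atoi hits parse numbers typed into dialogs; both families are "copy or convert untrusted text without a bound". The following is an added example, not FreetuxTV's code and not the contents of lib-m3uparser.c (the report shows only the flagged lines, not the surrounding functions). It parses a hypothetical `#EXTINF:<seconds>,<title>` playlist line, the way flawfinder's advice suggests: a strlcpy-style bounded copy that always NUL-terminates and reports truncation, and a strtol-based replacement for atoi that rejects junk, overflow and out-of-range values. The buffer size, duration limit and helper names are assumptions chosen for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed bounds for one parsed #EXTINF entry (not FreetuxTV's own values). */
#define TITLE_MAX 64
#define DURATION_MAX (24L * 60 * 60)   /* one day in seconds; -1 means "unknown" */

typedef struct {
    long duration;            /* seconds, or -1 for unknown */
    char title[TITLE_MAX];    /* always NUL-terminated */
    bool truncated;           /* title did not fit and was cut */
} extinf_t;

/* Bounded copy with strlcpy semantics: copies at most dst_size-1 bytes,
 * always NUL-terminates, and returns the length it would have needed so the
 * caller can detect truncation. Contrast with strcpy(dst, src), which writes
 * strlen(src)+1 bytes regardless of dst's size, and strncpy(dst, src, n),
 * which leaves dst unterminated whenever strlen(src) >= n. */
static size_t bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst_size == 0)
        return src_len;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Range-checked replacement for atoi(): rejects an empty field, trailing
 * junk, overflow (ERANGE) and anything outside [lo, hi]. */
static bool parse_long_in_range(const char *s, size_t len, long lo, long hi, long *out)
{
    char buf[32];
    if (len == 0 || len >= sizeof buf)
        return false;
    memcpy(buf, s, len);
    buf[len] = '\0';

    char *end = NULL;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (errno == ERANGE || end == buf || *end != '\0')
        return false;               /* overflow, no digits, or trailing junk */
    if (v < lo || v > hi)
        return false;
    *out = v;
    return true;
}

/* Parses one "#EXTINF:<seconds>,<title>" line into *out. Returns false when
 * the line is not a well-formed, in-range EXTINF directive; on success the
 * title is NUL-terminated and out->truncated says whether it was cut. */
bool parse_extinf(const char *line, extinf_t *out)
{
    static const char prefix[] = "#EXTINF:";
    const size_t plen = sizeof prefix - 1;

    if (strncmp(line, prefix, plen) != 0)
        return false;
    const char *num = line + plen;
    const char *comma = strchr(num, ',');
    if (comma == NULL)
        return false;

    long dur;
    if (!parse_long_in_range(num, (size_t)(comma - num), -1, DURATION_MAX, &dur))
        return false;

    const char *title = comma + 1;
    size_t tlen = strcspn(title, "\r\n");        /* stop at the line terminator */
    out->duration = dur;
    out->truncated = bounded_copy(out->title, sizeof out->title, title, tlen)
                     >= sizeof out->title;
    return true;
}

/* Accessors so results can be checked without handling the struct directly. */
long extinf_duration(const char *line)
{
    extinf_t e;
    return parse_extinf(line, &e) ? e.duration : LONG_MIN;
}

bool extinf_title_equals(const char *line, const char *expected)
{
    extinf_t e;
    return parse_extinf(line, &e) && !e.truncated && strcmp(e.title, expected) == 0;
}

/* Constructs a line whose title is n 'A' characters (a stand-in for an
 * over-long title in an attacker-supplied playlist) and reports whether the
 * parser cut it at TITLE_MAX-1 bytes and flagged the truncation. */
bool extinf_long_title_truncated(size_t n)
{
    char line[512];
    size_t head = (size_t)snprintf(line, sizeof line, "#EXTINF:5,");
    if (n > sizeof line - head - 2)
        return false;
    memset(line + head, 'A', n);
    line[head + n] = '\n';
    line[head + n + 1] = '\0';
    extinf_t e;
    return parse_extinf(line, &e) && e.truncated && strlen(e.title) == TITLE_MAX - 1;
}

int main(void)
{
    /* Constructed sample lines, the second with a 200-character title. */
    printf("duration=%ld\n", extinf_duration("#EXTINF:120,France 2\n"));
    printf("long title truncated: %s\n", extinf_long_title_truncated(200) ? "yes" : "no");
    return 0;
}
```

The point of returning the needed length from the copy is that the caller decides what truncation means (reject the entry, log it, or accept a shortened title); strncpy gives no such signal and, on the strncpy(tmp, begin, cars) pattern flagged above, leaves tmp unterminated whenever cars fills the buffer, so the next strlen over-reads it (the CWE-126 hits in the same file).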
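The two fopen hits are CWE-362 warnings, and the one at freetuxtv-fileutils.c:74 opens its destination for writing (`fopen(dst_file, "w")`); the level-3 hit shows the recordings directory defaulting to g_get_home_dir(), so the directory an output file lands in is itself taken from the environment. What flawfinder is asking is whether a symlink planted at the destination path would be followed and its target truncated. The following is an added example, not FreetuxTV's code, showing the hardened form: create the output with open(2) using O_CREAT|O_EXCL|O_NOFOLLOW, confirm with fstat that the descriptor is a regular file, and only then wrap it in a FILE*. The demo function builds its own temporary directory and a symlink to /dev/null as a constructed stand-in for an attacker-planted link; the file names and the 0600 mode are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Creates a brand-new regular file for writing and returns a FILE* for it,
 * or NULL with errno set. Unlike fopen(path, "w"), which follows a symlink
 * sitting at `path` and truncates whatever it points to, this:
 *   - refuses to reuse anything already present (O_EXCL => EEXIST),
 *   - refuses to follow a symlink in the last component (O_NOFOLLOW => ELOOP),
 *   - checks the opened object itself, not the path, with fstat(). */
FILE *create_private_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        int saved = errno;
        close(fd);
        errno = saved ? saved : EPERM;
        return NULL;
    }
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        errno = saved;
    }
    return fp;
}

/* Self-contained demonstration. In a fresh temporary directory, plant a
 * symlink named recording.ts -> /dev/null (standing in for any file an
 * attacker wants clobbered), show that the hardened open refuses it, then
 * show that a genuinely new name succeeds. Returns 0 when every step behaves
 * as expected, otherwise the number of the step that failed. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/ffdemo-XXXXXX";
    if (mkdtemp(dir) == NULL) {
        /* /tmp unavailable in this environment: fall back to the cwd */
        snprintf(dir, sizeof dir, "./ffdemo-XXXXXX");
        if (mkdtemp(dir) == NULL)
            return 1;
    }
    char link[128], fresh[128];
    snprintf(link, sizeof link, "%s/recording.ts", dir);
    snprintf(fresh, sizeof fresh, "%s/recording-1.ts", dir);

    int rc = 0;
    if (symlink("/dev/null", link) != 0) {
        rc = 2;
    } else {
        /* Attack path: the planted link must be rejected, not followed. */
        FILE *bad = create_private_file(link);
        if (bad != NULL) {
            fclose(bad);
            rc = 3;
        } else if (errno != EEXIST && errno != ELOOP) {
            rc = 3;
        } else {
            /* Normal path: a name nothing else occupies is created 0600. */
            FILE *fp = create_private_file(fresh);
            if (fp == NULL) {
                rc = 4;
            } else {
                fputs("constructed payload\n", fp);
                if (fclose(fp) != 0)
                    rc = 5;
            }
        }
    }
    unlink(link);
    unlink(fresh);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_symlink_refused();
    printf("symlink refused, fresh file created: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

O_EXCL changes the semantics from "write here" to "create here", which is what a recorder producing a new file wants anyway; if overwriting an existing recording is a supported feature, the caller should unlink the old name first and still create the new one with these flags, so that a symlink swapped in between the two steps is refused rather than followed. Note that O_NOFOLLOW only covers the final path component; symlinks in parent directories (the "control its ancestors" case in the warning) are addressed by openat(2) relative to a directory descriptor the program opened itself.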