Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mumudvb-1.7.1/src/autoconf.c
Examining data/mumudvb-1.7.1/src/autoconf.h
Examining data/mumudvb-1.7.1/src/autoconf_atsc.c
Examining data/mumudvb-1.7.1/src/autoconf_nit.c
Examining data/mumudvb-1.7.1/src/autoconf_pmt.c
Examining data/mumudvb-1.7.1/src/autoconf_sdt.c
Examining data/mumudvb-1.7.1/src/cam.c
Examining data/mumudvb-1.7.1/src/cam.h
Examining data/mumudvb-1.7.1/src/crc32.c
Examining data/mumudvb-1.7.1/src/dvb.c
Examining data/mumudvb-1.7.1/src/dvb.h
Examining data/mumudvb-1.7.1/src/errors.h
Examining data/mumudvb-1.7.1/src/log.c
Examining data/mumudvb-1.7.1/src/log.h
Examining data/mumudvb-1.7.1/src/multicast.c
Examining data/mumudvb-1.7.1/src/mumudvb.c
Examining data/mumudvb-1.7.1/src/mumudvb.h
Examining data/mumudvb-1.7.1/src/mumudvb_common.c
Examining data/mumudvb-1.7.1/src/mumudvb_test.c
Examining data/mumudvb-1.7.1/src/network.c
Examining data/mumudvb-1.7.1/src/network.h
Examining data/mumudvb-1.7.1/src/pat_rewrite.c
Examining data/mumudvb-1.7.1/src/rewrite.c
Examining data/mumudvb-1.7.1/src/rewrite.h
Examining data/mumudvb-1.7.1/src/rtp.c
Examining data/mumudvb-1.7.1/src/rtp.h
Examining data/mumudvb-1.7.1/src/sap.c
Examining data/mumudvb-1.7.1/src/sap.h
Examining data/mumudvb-1.7.1/src/sdt_rewrite.c
Examining data/mumudvb-1.7.1/src/transcode.c
Examining data/mumudvb-1.7.1/src/transcode.h
Examining data/mumudvb-1.7.1/src/transcode_avlib.c
Examining data/mumudvb-1.7.1/src/transcode_avlib.h
Examining data/mumudvb-1.7.1/src/transcode_common.c
Examining data/mumudvb-1.7.1/src/transcode_common.h
Examining data/mumudvb-1.7.1/src/transcode_queues.c
Examining data/mumudvb-1.7.1/src/transcode_queues.h
Examining data/mumudvb-1.7.1/src/ts.c
Examining data/mumudvb-1.7.1/src/ts.h
Examining data/mumudvb-1.7.1/src/tune.c
Examining data/mumudvb-1.7.1/src/tune.h
Examining data/mumudvb-1.7.1/src/unicast_clients.c
Examining data/mumudvb-1.7.1/src/unicast_http.c
Examining data/mumudvb-1.7.1/src/unicast_http.h
Examining data/mumudvb-1.7.1/src/unicast_queue.c
Examining data/mumudvb-1.7.1/src/unicast_queue.h
FINAL RESULTS:
data/mumudvb-1.7.1/src/autoconf.c:180:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", autoconf_vars->autoconf_ip4);
data/mumudvb-1.7.1/src/autoconf.c:191:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", autoconf_vars->autoconf_ip6);
data/mumudvb-1.7.1/src/autoconf.c:209:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(autoconf_vars->autoconf_unicast_port,substring);
data/mumudvb-1.7.1/src/autoconf.c:221:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(autoconf_vars->autoconf_multicast_port,substring);
data/mumudvb-1.7.1/src/autoconf.c:245:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(autoconf_vars->name_template,strtok(substring,"\n"));
data/mumudvb-1.7.1/src/autoconf.c:676:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(channels[channel_number].name,parameters.name_template);
data/mumudvb-1.7.1/src/autoconf.c:685:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(channels[channel_number].name,actual_service->name);
data/mumudvb-1.7.1/src/autoconf.c:694:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstring,parameters.autoconf_multicast_port);
data/mumudvb-1.7.1/src/autoconf.c:711:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip,parameters.autoconf_ip4);
data/mumudvb-1.7.1/src/autoconf.c:734:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip,parameters.autoconf_ip6);
data/mumudvb-1.7.1/src/autoconf.c:743:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(channels[channel_number].ip6Out,ip);
data/mumudvb-1.7.1/src/autoconf.c:787:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstring,parameters.autoconf_unicast_port);
data/mumudvb-1.7.1/src/autoconf.c:979:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (filename_gen_conf, GEN_CONF_PATH, card, tuner);
data/mumudvb-1.7.1/src/dvb.c:445:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(card_dev_path,DVB_DEV_PATH,card);
data/mumudvb-1.7.1/src/dvb.c:591:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(card_dev_path,DVB_DEV_PATH,card_number);
data/mumudvb-1.7.1/src/log.c:151:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_params.log_header,"%s",substring);
data/mumudvb-1.7.1/src/log.c:242:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_params.log_header,"%s",DEFAULT_LOG_HEADER);
data/mumudvb-1.7.1/src/log.c:276:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
message_size=vsnprintf(NULL, 0, psz_format, args);
data/mumudvb-1.7.1/src/log.c:293:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tempchar, psz_format, args );
data/mumudvb-1.7.1/src/log.c:512:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_line_temp,current_line);
data/mumudvb-1.7.1/src/multicast.c:95:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", channels[*curr_channel].ip4Out);
data/mumudvb-1.7.1/src/multicast.c:106:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", channels[*curr_channel].ip6Out);
data/mumudvb-1.7.1/src/multicast.c:136:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", multicast_vars->iface4);
data/mumudvb-1.7.1/src/multicast.c:147:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", multicast_vars->iface6);
data/mumudvb-1.7.1/src/mumudvb.c:785:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chan_and_pids.channels[curr_channel].name,strtok(substring,"\n"));
data/mumudvb-1.7.1/src/mumudvb.c:806:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename_pid,substring);
data/mumudvb-1.7.1/src/mumudvb.c:881:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tuneparams.card_dev_path,DVB_DEV_PATH,tuneparams.card);
data/mumudvb-1.7.1/src/mumudvb.c:939:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (filename_gen_conf, GEN_CONF_PATH,
data/mumudvb-1.7.1/src/mumudvb.c:997:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (filename_channels_streamed, STREAMED_LIST_PATH,
data/mumudvb-1.7.1/src/mumudvb.c:999:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (filename_channels_not_streamed, NOT_STREAMED_LIST_PATH,
data/mumudvb-1.7.1/src/mumudvb.c:1002:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (cam_vars.filename_cam_info, CAM_INFO_LIST_PATH,
data/mumudvb-1.7.1/src/mumudvb.c:1825:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chan_and_pids.channels[curr_channel].transcode_options.ip, chan_and_pids.channels[curr_channel].ip4Out);
data/mumudvb-1.7.1/src/mumudvb_common.c:122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstring,source);
data/mumudvb-1.7.1/src/mumudvb_common.c:155:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(source,tempstring);
data/mumudvb-1.7.1/src/mumudvb_common.c:159:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(source,tempstring);
data/mumudvb-1.7.1/src/mumudvb_common.c:234:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size=vsnprintf(NULL, 0, psz_format, args);
data/mumudvb-1.7.1/src/mumudvb_common.c:243:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string->string+string->length, size+1, psz_format, args);
data/mumudvb-1.7.1/src/mumudvb_test.c:122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip,ip0);
data/mumudvb-1.7.1/src/mumudvb_test.c:140:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip,ip1);
data/mumudvb-1.7.1/src/sap.c:80:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sap_vars->sap_organisation,strtok(substring,"\n"));
data/mumudvb-1.7.1/src/sap.c:92:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sap_vars->sap_uri,strtok(substring,"\n"));
data/mumudvb-1.7.1/src/sap.c:112:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", sap_vars->sap_sending_ip4);
data/mumudvb-1.7.1/src/sap.c:123:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", sap_vars->sap_sending_ip6);
data/mumudvb-1.7.1/src/sap.c:141:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (current_channel->sap_group, substring);
data/mumudvb-1.7.1/src/sap.c:152:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sap_vars->sap_default_group, substring);
data/mumudvb-1.7.1/src/sap.c:514:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(channel->sap_group,sap_vars->sap_default_group);
data/mumudvb-1.7.1/src/transcode.c:234:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(struct_option_name, *substring);\
data/mumudvb-1.7.1/src/transcode.c:279:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stremaing_type_string, *substring);
data/mumudvb-1.7.1/src/transcode.c:314:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(profile_string, *substring);
data/mumudvb-1.7.1/src/transcode.c:373:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(transcode_options->video_codec, codec_str);
data/mumudvb-1.7.1/src/transcode.c:387:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aac_profile_string, *substring);
data/mumudvb-1.7.1/src/transcode.c:493:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(struct_dest->option_name, struct_source->option_name);\
data/mumudvb-1.7.1/src/transcode_avlib.c:688:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_context->filename, url);
data/mumudvb-1.7.1/src/transcode_avlib.c:1215:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "rtp://%s:%d", transcode_thread_data->options->ip, rtp_port);
data/mumudvb-1.7.1/src/tune.c:203:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tuneparams->card_dev_path, substring);
data/mumudvb-1.7.1/src/tune.c:211:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:238:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:268:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:302:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:337:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:377:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/tune.c:432:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", substring);
data/mumudvb-1.7.1/src/unicast_http.c:142:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf (substring, "%s\n", unicast_vars->ipOut);
data/mumudvb-1.7.1/src/unicast_http.c:187:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(unicast_vars->portOut_str,substring);
data/mumudvb-1.7.1/src/unicast_http.c:895:23: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int estimated_len = vsnprintf(NULL, 0, msg, args); /* !! imply gcc -std=c99 */
data/mumudvb-1.7.1/src/unicast_http.c:910:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int real_len = vsnprintf(*buffer+*used, *length - *used, msg, args);
data/mumudvb-1.7.1/src/mumudvb.c:440:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, short_options,
data/mumudvb-1.7.1/src/autoconf.c:112:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
autoconf_vars->autoconf_scrambled = atoi (substring);
data/mumudvb-1.7.1/src/autoconf.c:117:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
autoconf_vars->autoconf_pid_update = atoi (substring);
data/mumudvb-1.7.1/src/autoconf.c:122:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring)==2)
data/mumudvb-1.7.1/src/autoconf.c:124:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(atoi (substring)==1)
data/mumudvb-1.7.1/src/autoconf.c:143:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
autoconf_vars->autoconf_radios = atoi (substring);
data/mumudvb-1.7.1/src/autoconf.c:197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(autoconf_vars->autoconf_unicast_port,"%d +%%number",atoi (substring));
data/mumudvb-1.7.1/src/autoconf.c:197:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(autoconf_vars->autoconf_unicast_port,"%d +%%number",atoi (substring));
data/mumudvb-1.7.1/src/autoconf.c:236:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
autoconf_vars->service_id_list[autoconf_vars->num_service_id] = atoi (substring);
data/mumudvb-1.7.1/src/autoconf.c:618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[256];
data/mumudvb-1.7.1/src/autoconf.c:678:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/autoconf.c:680:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",channel_number+1);
data/mumudvb-1.7.1/src/autoconf.c:688:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/autoconf.c:689:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[80];
data/mumudvb-1.7.1/src/autoconf.c:695:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",channel_number);
data/mumudvb-1.7.1/src/autoconf.c:697:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",card);
data/mumudvb-1.7.1/src/autoconf.c:699:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuner);
data/mumudvb-1.7.1/src/autoconf.c:701:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/autoconf.c:712:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",channel_number);
data/mumudvb-1.7.1/src/autoconf.c:714:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",card);
data/mumudvb-1.7.1/src/autoconf.c:716:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuner);
data/mumudvb-1.7.1/src/autoconf.c:718:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/autoconf.c:729:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channels[channel_number].ip4Out,"%d.%d.%d.%d",tn[0],tn[1],tn[2],tn[3]); // In C the evalutation order of arguments in a fct is undefined, no more easy factoring
data/mumudvb-1.7.1/src/autoconf.c:735:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",channel_number);
data/mumudvb-1.7.1/src/autoconf.c:737:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",card);
data/mumudvb-1.7.1/src/autoconf.c:739:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuner);
data/mumudvb-1.7.1/src/autoconf.c:741:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/autoconf.c:789:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/autoconf.c:790:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",channel_number);
data/mumudvb-1.7.1/src/autoconf.c:792:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",card);
data/mumudvb-1.7.1/src/autoconf.c:794:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuner);
data/mumudvb-1.7.1/src/autoconf.c:796:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/autoconf.c:978:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_gen_conf[256];
data/mumudvb-1.7.1/src/autoconf.c:1068:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcn[4];
data/mumudvb-1.7.1/src/autoconf.c:1074:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lcn,"%03d",chan_and_pids->channels[curr_channel].logical_channel_number);
data/mumudvb-1.7.1/src/autoconf.c:1076:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lcn,"%02d",chan_and_pids->channels[curr_channel].logical_channel_number);
data/mumudvb-1.7.1/src/autoconf.h:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LEN];
data/mumudvb-1.7.1/src/autoconf.h:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autoconf_ip4[80];
data/mumudvb-1.7.1/src/autoconf.h:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autoconf_ip6[80];
data/mumudvb-1.7.1/src/autoconf.h:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autoconf_unicast_port[256];
data/mumudvb-1.7.1/src/autoconf.h:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autoconf_multicast_port[256];
data/mumudvb-1.7.1/src/autoconf.h:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_template[MAX_NAME_LEN];
data/mumudvb-1.7.1/src/autoconf_atsc.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unconverted_short_name[15];//2*7 + 1 (for '\0')
data/mumudvb-1.7.1/src/autoconf_atsc.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_short_name[15];
data/mumudvb-1.7.1/src/autoconf_atsc.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_name[MAX_NAME_LEN];
data/mumudvb-1.7.1/src/autoconf_atsc.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (unconverted_short_name, vct_channel->short_name, 14*sizeof(uint8_t));
data/mumudvb-1.7.1/src/autoconf_atsc.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (utf8_short_name, vct_channel->short_name, 14*sizeof(uint8_t));
data/mumudvb-1.7.1/src/autoconf_atsc.c:299:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_service->name, channel_name, strlen(channel_name));
data/mumudvb-1.7.1/src/autoconf_nit.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char language_code[4];
data/mumudvb-1.7.1/src/autoconf_nit.c:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, buf, name_len);
data/mumudvb-1.7.1/src/autoconf_nit.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, buf, descriptor_len);
data/mumudvb-1.7.1/src/autoconf_pmt.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_pids_language[MAX_PIDS_PAR_CHAINE][4];
data/mumudvb-1.7.1/src/autoconf_pmt.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char language[4]="";
data/mumudvb-1.7.1/src/autoconf_sdt.c:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuf[MAX_NAME_LEN];
data/mumudvb-1.7.1/src/autoconf_sdt.c:353:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (name, buf, len);
data/mumudvb-1.7.1/src/cam.c:137:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_support = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:147:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_reask_interval = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:152:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->reset_interval = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:158:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_number = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:163:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_delay_pmt_send = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:168:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_interval_pmt_send = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:173:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cam_vars->cam_pmt_follow = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:184:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
current_channel->pmt_pid = atoi (substring);
data/mumudvb-1.7.1/src/cam.c:681:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_cam_info = fopen (cam_params->filename_cam_info, "a");
data/mumudvb-1.7.1/src/cam.c:719:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_cam_info = fopen (cam_params->filename_cam_info, "a");
data/mumudvb-1.7.1/src/cam.h:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char app_name[256];
data/mumudvb-1.7.1/src/cam.h:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mmi_enq_answer[10];
data/mumudvb-1.7.1/src/cam.h:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_cam_info[DEFAULT_PATH_LEN];
data/mumudvb-1.7.1/src/dvb.c:62:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*fd_frontend = open (frontend_name, O_RDWR | O_NONBLOCK)) < 0)
data/mumudvb-1.7.1/src/dvb.c:232:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fds->fd_demuxer[curr_pid] = open (demuxdev_name, O_RDWR)) < 0)
data/mumudvb-1.7.1/src/dvb.c:245:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fds->fd_dvr = open (dvrdev_name, O_RDONLY | O_NONBLOCK)) < 0)
data/mumudvb-1.7.1/src/dvb.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[128];
data/mumudvb-1.7.1/src/dvb.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card_dev_path[256];
data/mumudvb-1.7.1/src/dvb.c:562:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
card_number= atoi(d_adapter->d_name+7);
data/mumudvb-1.7.1/src/dvb.c:579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card_dev_path[256];
data/mumudvb-1.7.1/src/dvb.c:604:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuner_number= atoi(d_tuner->d_name+strlen(FRONTEND_DEV_NAME));
data/mumudvb-1.7.1/src/log.c:83:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_infos->show_traffic_interval= atoi (substring);
data/mumudvb-1.7.1/src/log.c:93:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_infos->compute_traffic_interval= atoi (substring);
data/mumudvb-1.7.1/src/log.c:103:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_infos->up_threshold= atoi (substring);
data/mumudvb-1.7.1/src/log.c:108:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_infos->down_threshold= atoi (substring);
data/mumudvb-1.7.1/src/log.c:113:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stats_infos->debug_updown= atoi (substring);
data/mumudvb-1.7.1/src/log.c:255:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestring[40];
data/mumudvb-1.7.1/src/log.c:258:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timestring,"%jd", (intmax_t)actual_time);
data/mumudvb-1.7.1/src/log.c:264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstring[10];
data/mumudvb-1.7.1/src/log.c:265:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pidstring, "%d", getpid ());
data/mumudvb-1.7.1/src/log.c:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lang[5];
data/mumudvb-1.7.1/src/log.c:429:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_streamed_channels = fopen (file_streamed_channels_filename, "w");
data/mumudvb-1.7.1/src/log.c:438:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_not_streamed_channels = fopen (file_not_streamed_channels_filename, "w");
data/mumudvb-1.7.1/src/log.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_line[CONF_LINELEN];
data/mumudvb-1.7.1/src/log.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_line_temp[CONF_LINELEN];
data/mumudvb-1.7.1/src/log.c:487:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
orig_conf_file = fopen (orig_conf_filename, "r");
data/mumudvb-1.7.1/src/log.c:496:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
config_file = fopen (saving_filename, "w");
data/mumudvb-1.7.1/src/log.c:569:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
config_file = fopen (saving_filename, "a");
data/mumudvb-1.7.1/src/log.c:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[128];
data/mumudvb-1.7.1/src/multicast.c:58:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->common_port = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:63:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->ttl = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:68:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->multicast = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:73:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->multicast_ipv4 = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:78:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->multicast_ipv6 = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:83:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->auto_join = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:118:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channels[*curr_channel].portOut = atoi (substring);
data/mumudvb-1.7.1/src/multicast.c:123:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
multicast_vars->rtp_header = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_channels_not_streamed[DEFAULT_PATH_LEN];
data/mumudvb-1.7.1/src/mumudvb.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_channels_streamed[DEFAULT_PATH_LEN];
data/mumudvb-1.7.1/src/mumudvb.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_pid[DEFAULT_PATH_LEN]=PIDFILE_PATH;
data/mumudvb-1.7.1/src/mumudvb.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_gen_conf[DEFAULT_PATH_LEN];
data/mumudvb-1.7.1/src/mumudvb.c:398:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_line[CONF_LINELEN];
data/mumudvb-1.7.1/src/mumudvb.c:459:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cmdlinecard=atoi(optarg);
data/mumudvb-1.7.1/src/mumudvb.c:465:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server_id = atoi(optarg);
data/mumudvb-1.7.1/src/mumudvb.c:540:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conf_file = fopen (conf_filename, "r");
data/mumudvb-1.7.1/src/mumudvb.c:565:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conf_file = fopen (conf_filename, "r");
data/mumudvb-1.7.1/src/mumudvb.c:672:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout_no_diff= atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:677:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan_and_pids.dont_send_scrambled = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:682:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan_and_pids.filter_transport_error = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:701:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
card_buffer.dvr_buffer_size = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:716:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
card_buffer.threaded_read = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:726:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
card_buffer.max_thread_buffer_size = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:739:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan_and_pids.channels[curr_channel].service_id = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:754:63: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan_and_pids.channels[curr_channel].pids[curr_pid] = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:796:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server_id = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:811:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan_and_pids.check_cc = atoi (substring);
data/mumudvb-1.7.1/src/mumudvb.c:889:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/mumudvb.c:890:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.card);
data/mumudvb-1.7.1/src/mumudvb.c:892:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.tuner);
data/mumudvb-1.7.1/src/mumudvb.c:894:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/mumudvb.c:904:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/mumudvb.c:905:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.card);
data/mumudvb-1.7.1/src/mumudvb.c:907:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.tuner);
data/mumudvb-1.7.1/src/mumudvb.c:909:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/mumudvb.c:911:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_params.log_file = fopen (log_params.log_file_path, "a");
data/mumudvb-1.7.1/src/mumudvb.c:1005:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
channels_diff = fopen (filename_channels_streamed, "w");
data/mumudvb-1.7.1/src/mumudvb.c:1016:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
channels_not_streamed = fopen (filename_channels_not_streamed, "w");
data/mumudvb-1.7.1/src/mumudvb.c:1031:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cam_info = fopen (cam_vars.filename_cam_info, "w");
data/mumudvb-1.7.1/src/mumudvb.c:1081:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/mumudvb-1.7.1/src/mumudvb.c:1082:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.card);
data/mumudvb-1.7.1/src/mumudvb.c:1084:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",tuneparams.tuner);
data/mumudvb-1.7.1/src/mumudvb.c:1086:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number,"%d",server_id);
data/mumudvb-1.7.1/src/mumudvb.c:1089:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile = fopen (filename_pid, "w");
data/mumudvb-1.7.1/src/mumudvb.c:1505:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dump_file = fopen (dump_filename, "w");
data/mumudvb-1.7.1/src/mumudvb.c:1803:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chan_and_pids.channels[curr_channel].buf + chan_and_pids.channels[curr_channel].nb_bytes, actual_ts_packet, TS_PACKET_SIZE);
data/mumudvb-1.7.1/src/mumudvb.h:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LEN];
data/mumudvb-1.7.1/src/mumudvb.h:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pids_language[MAX_PIDS_PAR_CHAINE][4];
data/mumudvb-1.7.1/src/mumudvb.h:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pids_scrambled[MAX_PIDS_PAR_CHAINE];
data/mumudvb-1.7.1/src/mumudvb.h:267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_with_rtp_header[RTP_HEADER_LEN];
data/mumudvb-1.7.1/src/mumudvb.h:269:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_UDP_SIZE];
data/mumudvb-1.7.1/src/mumudvb.h:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip4Out[20];
data/mumudvb-1.7.1/src/mumudvb.h:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip6Out[IPV6_CHAR_LEN];
data/mumudvb-1.7.1/src/mumudvb.h:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_group[SAP_GROUP_LENGTH];
data/mumudvb-1.7.1/src/mumudvb.h:310:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char generated_pat[TS_PACKET_SIZE]; /**@todo: allocate dynamically*/
data/mumudvb-1.7.1/src/mumudvb.h:314:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char generated_sdt[TS_PACKET_SIZE]; /**@todo: allocate dynamically*/
data/mumudvb-1.7.1/src/mumudvb.h:353:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface4[IF_NAMESIZE+1];
data/mumudvb-1.7.1/src/mumudvb.h:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface6[IF_NAMESIZE+1];
data/mumudvb-1.7.1/src/mumudvb_common.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pospattern,replacement,lengthreplacment);
data/mumudvb-1.7.1/src/mumudvb_common.c:214:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(string);
data/mumudvb-1.7.1/src/mumudvb_common.c:219:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number1=atoi(tempchar);
data/mumudvb-1.7.1/src/mumudvb_common.c:223:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return number1*atoi(multpos+1);
data/mumudvb-1.7.1/src/mumudvb_test.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[80];
data/mumudvb-1.7.1/src/mumudvb_test.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipd[80];
data/mumudvb-1.7.1/src/mumudvb_test.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files_sdt[NUM_FILES_TEST_READ_SDT]={FILES_TEST_READ_SDT_TS};
data/mumudvb-1.7.1/src/mumudvb_test.c:158:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile=fopen (files_sdt[i_file], "r");
data/mumudvb-1.7.1/src/mumudvb_test.c:162:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet_raw[TS_PACKET_SIZE];
data/mumudvb-1.7.1/src/mumudvb_test.c:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files_rand[NUM_FILES_TEST_READ_RAND]={FILES_TEST_READ_RAND};
data/mumudvb-1.7.1/src/mumudvb_test.c:235:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile=fopen (files_rand[i_file] , "r");
data/mumudvb-1.7.1/src/mumudvb_test.c:239:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet_raw[TS_PACKET_SIZE];
data/mumudvb-1.7.1/src/mumudvb_test.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files_autoconf[NUM_FILES_TEST_AUTOCONF]={FILES_TEST_AUTOCONF};
data/mumudvb-1.7.1/src/mumudvb_test.c:271:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile=fopen (files_autoconf[i_file] , "r");
data/mumudvb-1.7.1/src/mumudvb_test.c:286:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (autoconf_vars.autoconf_ip4,"239.100+3.%card+1.%number");
data/mumudvb-1.7.1/src/mumudvb_test.c:310:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char actual_ts_packet[TS_PACKET_SIZE];
data/mumudvb-1.7.1/src/mumudvb_test.c:364:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile=fopen (files_autoconf[i_file] , "r");
data/mumudvb-1.7.1/src/pat_rewrite.c:112:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_dest[TS_PACKET_SIZE];
data/mumudvb-1.7.1/src/pat_rewrite.c:131:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest,ts_header,TS_HEADER_LEN);
data/mumudvb-1.7.1/src/pat_rewrite.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest+TS_HEADER_LEN,pat,PAT_LEN);
data/mumudvb-1.7.1/src/pat_rewrite.c:165:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest+buf_dest_pos,rewrite_vars->full_pat->data_full+delta,PAT_PROG_LEN);
data/mumudvb-1.7.1/src/pat_rewrite.c:216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(channel->generated_pat,buf_dest,TS_PACKET_SIZE);
data/mumudvb-1.7.1/src/pat_rewrite.c:290:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet,channel->generated_pat,TS_PACKET_SIZE);
data/mumudvb-1.7.1/src/rewrite.c:52:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring))
data/mumudvb-1.7.1/src/rewrite.c:64:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring))
data/mumudvb-1.7.1/src/rewrite.c:77:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring))
data/mumudvb-1.7.1/src/rewrite.c:89:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring))
data/mumudvb-1.7.1/src/sap.c:55:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi (substring) != 0)
data/mumudvb-1.7.1/src/sap.c:68:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sap_vars->sap_interval = atoi (substring);
data/mumudvb-1.7.1/src/sap.c:73:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sap_vars->sap_ttl = atoi (substring);
data/mumudvb-1.7.1/src/sap.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[256];
data/mumudvb-1.7.1/src/sap.c:287:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sap_message4->buf + 4, &ip4, 4);
data/mumudvb-1.7.1/src/sap.c:305:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sap_message6->buf + 4, &ip6.s6_addr, 16);
data/mumudvb-1.7.1/src/sap.c:315:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_string,"application/sdp");
data/mumudvb-1.7.1/src/sap.c:318:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sap_message4->buf + SAP_HEAD_LEN4, temp_string, strlen(temp_string));
data/mumudvb-1.7.1/src/sap.c:325:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sap_message6->buf + SAP_HEAD_LEN6, temp_string, strlen(temp_string));
data/mumudvb-1.7.1/src/sap.c:563:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sap_message4->buf + sap_message4->len, payload4.string, payload4.length);
data/mumudvb-1.7.1/src/sap.c:578:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sap_message6->buf + sap_message6->len, payload6.string, payload6.length);
data/mumudvb-1.7.1/src/sap.h:62:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_UDP_SIZE];
data/mumudvb-1.7.1/src/sap.h:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_sending_ip4[20];
data/mumudvb-1.7.1/src/sap.h:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_sending_ip6[IPV6_CHAR_LEN];
data/mumudvb-1.7.1/src/sap.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_default_group[SAP_GROUP_LENGTH];
data/mumudvb-1.7.1/src/sap.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_uri[256];
data/mumudvb-1.7.1/src/sap.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sap_organisation[256];
data/mumudvb-1.7.1/src/sdt_rewrite.c:143:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_dest[TS_PACKET_SIZE];
data/mumudvb-1.7.1/src/sdt_rewrite.c:172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest,ts_header,TS_HEADER_LEN);
data/mumudvb-1.7.1/src/sdt_rewrite.c:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest+TS_HEADER_LEN,sdt,SDT_LEN);
data/mumudvb-1.7.1/src/sdt_rewrite.c:204:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t_buffer[MAX_TS_SIZE];
data/mumudvb-1.7.1/src/sdt_rewrite.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_buffer,rewrite_vars->full_sdt->data_full+buffer_pos,SDT_DESCR_LEN);
data/mumudvb-1.7.1/src/sdt_rewrite.c:220:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_buffer+SDT_DESCR_LEN+loop_length,rewrite_vars->full_sdt->data_full+buffer_pos+SDT_DESCR_LEN+pos,descriptor_len);
data/mumudvb-1.7.1/src/sdt_rewrite.c:250:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_dest+buf_dest_pos,t_buffer,SDT_DESCR_LEN+loop_length);
data/mumudvb-1.7.1/src/sdt_rewrite.c:302:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(channel->generated_sdt,buf_dest,TS_PACKET_SIZE);
data/mumudvb-1.7.1/src/sdt_rewrite.c:416:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet,channel->generated_sdt,TS_PACKET_SIZE);
data/mumudvb-1.7.1/src/transcode.c:214:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*(struct_option_name) = atoi(strtok(NULL, delimiteurs));\
data/mumudvb-1.7.1/src/transcode.c:552:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_number[10];
data/mumudvb-1.7.1/src/transcode.c:553:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_card[10];
data/mumudvb-1.7.1/src/transcode.c:554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_tuner[10];
data/mumudvb-1.7.1/src/transcode.c:555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_server[10];
data/mumudvb-1.7.1/src/transcode.c:557:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_number,"%d",channel_number+1);
data/mumudvb-1.7.1/src/transcode.c:558:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_card,"%d",card);
data/mumudvb-1.7.1/src/transcode.c:559:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_tuner,"%d",tuner);
data/mumudvb-1.7.1/src/transcode.c:560:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_server,"%d",server);
data/mumudvb-1.7.1/src/transcode_avlib.c:284:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex_table[16] = { '0', '1', '2', '3',
data/mumudvb-1.7.1/src/transcode_avlib.c:363:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_hexa[13];
data/mumudvb-1.7.1/src/transcode_avlib.c:1214:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[30];
data/mumudvb-1.7.1/src/transcode_avlib.c:1375:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *sdp_file = fopen(transcode_thread_data->options->sdp_filename, "w+");
data/mumudvb-1.7.1/src/transcode_avlib.c:1497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(st, ffm_format_context->streams[i], sizeof(AVStream));
data/mumudvb-1.7.1/src/transcode_avlib.c:1499:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(st->codec, ffm_format_context->streams[i]->codec, sizeof(AVCodecContext));
data/mumudvb-1.7.1/src/transcode_avlib.c:1850:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy->data, packet->data, packet->size);
data/mumudvb-1.7.1/src/transcode_avlib.c:2265:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/mumudvb-1.7.1/src/transcode_common.h:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[20]; //for rtp streaming
data/mumudvb-1.7.1/src/transcode_queues.c:93:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->data, data, data_size);
data/mumudvb-1.7.1/src/transcode_queues.c:126:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + buf_pos, item->data, item->data_size);
data/mumudvb-1.7.1/src/transcode_queues.c:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, item->data, buf_size);
data/mumudvb-1.7.1/src/transcode_queues.c:155:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->data, old_buf + buf_pos, item->data_size);
data/mumudvb-1.7.1/src/ts.c:92:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_full,pkt->buffer_full,pkt->len_full);
data/mumudvb-1.7.1/src/ts.c:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_partial,buf,pkt->len_partial);
data/mumudvb-1.7.1/src/ts.c:308:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_partial+pkt->len_partial,buf,copy_len);//we add the packet to the buffer
data/mumudvb-1.7.1/src/ts.c:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->buffer_full+pkt->full_buffer_len,pkt->data_partial,pkt->len_partial);
data/mumudvb-1.7.1/src/ts.c:346:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_full,pkt->buffer_full,pkt->len_full);
data/mumudvb-1.7.1/src/ts.h:733:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data_full[MAX_TS_SIZE];
data/mumudvb-1.7.1/src/ts.h:745:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_full[FULL_BUFFER_SIZE];
data/mumudvb-1.7.1/src/ts.h:747:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data_partial[MAX_TS_SIZE];
data/mumudvb-1.7.1/src/tune.c:69:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->sat_number = atoi (substring);
data/mumudvb-1.7.1/src/tune.c:137:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->lnb_voltage_off = atoi(substring);
data/mumudvb-1.7.1/src/tune.c:156:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->lnb_lof_standard = atoi(substring)*1000UL;
data/mumudvb-1.7.1/src/tune.c:161:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->lnb_slof = atoi(substring)*1000UL;
data/mumudvb-1.7.1/src/tune.c:166:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->lnb_lof_high = atoi(substring)*1000UL;
data/mumudvb-1.7.1/src/tune.c:171:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->lnb_lof_low = atoi(substring)*1000UL;
data/mumudvb-1.7.1/src/tune.c:176:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->srate = atol (substring);
data/mumudvb-1.7.1/src/tune.c:182:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->card = atoi (substring);
data/mumudvb-1.7.1/src/tune.c:187:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->check_status = atoi (substring);
data/mumudvb-1.7.1/src/tune.c:192:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->tuner = atoi (substring);
data/mumudvb-1.7.1/src/tune.c:500:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tuneparams->tuning_timeout = atoi (substring);
data/mumudvb-1.7.1/src/tune.h:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char card_dev_path[256];
data/mumudvb-1.7.1/src/tune.h:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fe_name[256];
data/mumudvb-1.7.1/src/unicast_http.c:156:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->unicast = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:166:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->consecutive_errors_timeout = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:174:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->max_clients = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:179:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->queue_max_size = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:190:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->portOut = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:201:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
current_channel->unicast_port = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:206:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->socket_sendbuf_size = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:211:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unicast_vars->flush_on_eagain = atoi (substring);
data/mumudvb-1.7.1/src/unicast_http.c:601:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
requested_channel=atoi(substring);
data/mumudvb-1.7.1/src/unicast_http.c:629:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
requested_sid=atoi(substring);
data/mumudvb-1.7.1/src/unicast_http.c:944:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&reply->buffer_header[reply->used_header],reply->buffer_body,sizeof(char)*reply->used_body);
data/mumudvb-1.7.1/src/unicast_http.c:1070:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlheader[4];
data/mumudvb-1.7.1/src/unicast_http.c:1071:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlcchar[2];
data/mumudvb-1.7.1/src/unicast_http.c:1088:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(urlheader,"rtp");
data/mumudvb-1.7.1/src/unicast_http.c:1090:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(urlheader,"udp");
data/mumudvb-1.7.1/src/unicast_http.c:1274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdatetime[25];
data/mumudvb-1.7.1/src/unicast_http.c:1310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fetype[10]="Unkonwn";
data/mumudvb-1.7.1/src/unicast_http.c:1332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SCVYL[6]="-----";
data/mumudvb-1.7.1/src/unicast_http.c:1445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdatetime[25];
data/mumudvb-1.7.1/src/unicast_http.c:1529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdatetime[25];
data/mumudvb-1.7.1/src/unicast_http.h:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipOut[20];
data/mumudvb-1.7.1/src/unicast_queue.c:268:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->data,data,data_len);
data/mumudvb-1.7.1/src/autoconf.c:158:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>8)
data/mumudvb-1.7.1/src/autoconf.c:174:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>79)
data/mumudvb-1.7.1/src/autoconf.c:185:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>79)
data/mumudvb-1.7.1/src/autoconf.c:203:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>255)
data/mumudvb-1.7.1/src/autoconf.c:215:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>255)
data/mumudvb-1.7.1/src/autoconf.c:244:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen (substring) >= MAX_NAME_LEN - 1))
data/mumudvb-1.7.1/src/autoconf.c:249:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(autoconf_vars->name_template,strtok(substring,"\n"),MAX_NAME_LEN-1);
data/mumudvb-1.7.1/src/autoconf.c:620:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unicast_port_per_channel=strlen(parameters.autoconf_unicast_port)?1:0;
data/mumudvb-1.7.1/src/autoconf.c:674:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parameters.name_template))
data/mumudvb-1.7.1/src/autoconf.c:692:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parameters.autoconf_multicast_port))
data/mumudvb-1.7.1/src/autoconf_atsc.c:299:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (new_service->name, channel_name, strlen(channel_name));
data/mumudvb-1.7.1/src/autoconf_atsc.c:300:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_service->name[strlen(channel_name)] = '\0';
data/mumudvb-1.7.1/src/autoconf_sdt.c:215:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempdest=tempbuf=malloc(sizeof(char)*2*strlen(string));
data/mumudvb-1.7.1/src/cam.c:411:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100*1000); //some waiting - 100ms (see specs)
data/mumudvb-1.7.1/src/cam.c:541:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/mumudvb-1.7.1/src/cam.c:560:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
data/mumudvb-1.7.1/src/cam.c:562:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
data/mumudvb-1.7.1/src/dvb.c:201:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/mumudvb-1.7.1/src/dvb.c:326:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000); //some waiting to be sure the main program is waiting //it is probably useless
data/mumudvb-1.7.1/src/dvb.c:395:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes_read = read (fd_dvr, dest_buffer, TS_PACKET_SIZE*card_buffer->dvr_buffer_size)) > 0)
data/mumudvb-1.7.1/src/dvb.c:558:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(d_adapter->d_name)<8)
data/mumudvb-1.7.1/src/dvb.c:600:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(d_tuner->d_name)<(strlen(FRONTEND_DEV_NAME)+1))
data/mumudvb-1.7.1/src/dvb.c:600:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(d_tuner->d_name)<(strlen(FRONTEND_DEV_NAME)+1))
data/mumudvb-1.7.1/src/dvb.c:602:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(d_tuner->d_name,FRONTEND_DEV_NAME,strlen(FRONTEND_DEV_NAME)))
data/mumudvb-1.7.1/src/dvb.c:604:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tuner_number= atoi(d_tuner->d_name+strlen(FRONTEND_DEV_NAME));
data/mumudvb-1.7.1/src/log.c:132:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_params.log_file_path=malloc((strlen(substring)+1)*sizeof(char));
data/mumudvb-1.7.1/src/log.c:133:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(log_params.log_file_path,substring,strlen(substring)+1);
data/mumudvb-1.7.1/src/log.c:133:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(log_params.log_file_path,substring,strlen(substring)+1);
data/mumudvb-1.7.1/src/log.c:145:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_params.log_header=malloc((strlen(substring)+1)*sizeof(char));
data/mumudvb-1.7.1/src/log.c:229:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_params.log_header=malloc((strlen(DEFAULT_LOG_HEADER)+1)*sizeof(char));
data/mumudvb-1.7.1/src/log.c:261:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestring[strlen(timestring)-1]='\0'; //In order to remove the final '\n' but by asctime
data/mumudvb-1.7.1/src/log.c:274:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_string.length=strlen(log_string.string);
data/mumudvb-1.7.1/src/log.c:297:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(tempchar[strlen(tempchar)-1] != '\n')
data/mumudvb-1.7.1/src/log.c:379:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lang+1,channels[curr_channel].pids_language[curr_pid],4);
data/mumudvb-1.7.1/src/log.c:518:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strncmp (substring, "autoconf_", strlen("autoconf_")))
data/mumudvb-1.7.1/src/multicast.c:89:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>19)
data/mumudvb-1.7.1/src/multicast.c:100:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(IPV6_CHAR_LEN-1))
data/mumudvb-1.7.1/src/multicast.c:130:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(IF_NAMESIZE))
data/mumudvb-1.7.1/src/multicast.c:141:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(IF_NAMESIZE))
data/mumudvb-1.7.1/src/mumudvb.c:450:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conf_filename = (char *) malloc (strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:456:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (conf_filename, optarg, strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:456:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (conf_filename, optarg, strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:489:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_filename = (char *) malloc (strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:495:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dump_filename, optarg, strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:495:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (dump_filename, optarg, strlen (optarg) + 1);
data/mumudvb-1.7.1/src/mumudvb.c:554:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len=strlen(current_line);
data/mumudvb-1.7.1/src/mumudvb.c:583:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len=strlen(current_line);
data/mumudvb-1.7.1/src/mumudvb.c:784:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen (substring) >= MAX_NAME_LEN - 1))
data/mumudvb-1.7.1/src/mumudvb.c:789:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(chan_and_pids.channels[curr_channel].name,strtok(substring,"\n"),MAX_NAME_LEN-1);
data/mumudvb-1.7.1/src/mumudvb.c:801:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>=DEFAULT_PATH_LEN)
data/mumudvb-1.7.1/src/mumudvb.c:815:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen (current_line) > 1)
data/mumudvb-1.7.1/src/mumudvb.c:880:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((!strlen(tuneparams.card_dev_path))||(cmdlinecard!=-1))
data/mumudvb-1.7.1/src/mumudvb.c:888:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(unicast_vars.portOut_str)+1;
data/mumudvb-1.7.1/src/mumudvb.c:903:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(log_params.log_file_path)+1;
data/mumudvb-1.7.1/src/mumudvb.c:2025:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename_channels_streamed) && (write_streamed_channels)&&remove (filename_channels_streamed))
data/mumudvb-1.7.1/src/mumudvb.c:2033:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename_channels_not_streamed) && (write_streamed_channels)&&remove (filename_channels_not_streamed))
data/mumudvb-1.7.1/src/mumudvb.c:2429:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/mumudvb-1.7.1/src/mumudvb_common.c:112:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lengthpattern=strlen(toreplace);
data/mumudvb-1.7.1/src/mumudvb_common.c:113:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lengthreplacment=strlen(replacement);
data/mumudvb-1.7.1/src/mumudvb_common.c:114:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lengthsource=strlen(source);
data/mumudvb-1.7.1/src/mumudvb_common.c:163:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(source,tempstring,*length-1);
data/mumudvb-1.7.1/src/mumudvb_common.c:185:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(string);
data/mumudvb-1.7.1/src/mumudvb_common.c:192:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tempchar,string,len);
data/mumudvb-1.7.1/src/mumudvb_common.c:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tempchar,string,len);
data/mumudvb-1.7.1/src/mumudvb_test.c:81:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/mumudvb-1.7.1/src/network.c:115:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(iface))
data/mumudvb-1.7.1/src/network.c:174:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(iface))
data/mumudvb-1.7.1/src/sap.c:79:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen (substring) >= 255 - 1))
data/mumudvb-1.7.1/src/sap.c:84:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sap_vars->sap_organisation,strtok(substring,"\n"),255 - 1);
data/mumudvb-1.7.1/src/sap.c:91:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen (substring) >= 255 - 1))
data/mumudvb-1.7.1/src/sap.c:96:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sap_vars->sap_uri,strtok(substring,"\n"),255 - 1);
data/mumudvb-1.7.1/src/sap.c:106:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>19)
data/mumudvb-1.7.1/src/sap.c:117:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(IPV6_CHAR_LEN-1))
data/mumudvb-1.7.1/src/sap.c:135:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(SAP_GROUP_LENGTH-1))
data/mumudvb-1.7.1/src/sap.c:146:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(SAP_GROUP_LENGTH-1))
data/mumudvb-1.7.1/src/sap.c:318:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sap_message4->buf + SAP_HEAD_LEN4, temp_string, strlen(temp_string));
data/mumudvb-1.7.1/src/sap.c:319:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sap_message4->len=SAP_HEAD_LEN4+strlen(temp_string);
data/mumudvb-1.7.1/src/sap.c:325:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sap_message6->buf + SAP_HEAD_LEN6, temp_string, strlen(temp_string));
data/mumudvb-1.7.1/src/sap.c:326:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sap_message6->len=SAP_HEAD_LEN6+strlen(temp_string);
data/mumudvb-1.7.1/src/sap.c:426:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sap_vars->sap_uri))
data/mumudvb-1.7.1/src/sap.c:509:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(channel->sap_group)||strlen(sap_vars->sap_default_group))
data/mumudvb-1.7.1/src/sap.c:509:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(channel->sap_group)||strlen(sap_vars->sap_default_group))
data/mumudvb-1.7.1/src/sap.c:511:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(channel->sap_group))
data/mumudvb-1.7.1/src/transcode.c:61:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/mumudvb-1.7.1/src/transcode.c:77:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/mumudvb-1.7.1/src/transcode.c:228:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(*substring);\
data/mumudvb-1.7.1/src/transcode.c:250:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(s); j++) {
data/mumudvb-1.7.1/src/transcode.c:256:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s) - 1;
data/mumudvb-1.7.1/src/transcode.c:262:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < strlen(s) - 1) {
data/mumudvb-1.7.1/src/transcode.c:273:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*substring) <= TRANSCODE_STREAMING_TYPE_MAX) {
data/mumudvb-1.7.1/src/transcode.c:278:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *stremaing_type_string = malloc(strlen(*substring) + 1);
data/mumudvb-1.7.1/src/transcode.c:310:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*substring) <= TRANSCODE_PROFILE_MAX) {
data/mumudvb-1.7.1/src/transcode.c:313:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *profile_string = malloc(strlen(*substring) + 1);
data/mumudvb-1.7.1/src/transcode.c:372:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
transcode_options->video_codec = malloc(strlen(codec_str) + 1);
data/mumudvb-1.7.1/src/transcode.c:381:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*substring) <= TRANSCODE_AAC_PROFILE_MAX) {
data/mumudvb-1.7.1/src/transcode.c:386:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *aac_profile_string = malloc(strlen(*substring) + 1);
data/mumudvb-1.7.1/src/transcode.c:488:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(struct_source->option_name);\
data/mumudvb-1.7.1/src/transcode.c:563:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(opt->sdp_filename)+1;
data/mumudvb-1.7.1/src/transcode.c:572:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(opt->ffm_url)+1;
data/mumudvb-1.7.1/src/transcode.c:581:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(opt->s_rtp_port)+1;
data/mumudvb-1.7.1/src/transcode_avlib.c:331:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff + buff_len, p, p2 - p + 2);
data/mumudvb-1.7.1/src/transcode_avlib.c:387:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff + buff_len, buff2, len);
data/mumudvb-1.7.1/src/transcode_avlib.c:397:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/mumudvb-1.7.1/src/transcode_avlib.c:401:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff + buff_len, p, len);
data/mumudvb-1.7.1/src/transcode_avlib.c:445:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* No data yet. Sleep for 0.5 sec */
data/mumudvb-1.7.1/src/tune.c:197:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>(256-1))
data/mumudvb-1.7.1/src/tune.c:1041:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/mumudvb-1.7.1/src/unicast_clients.c:241:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_OK_REPLY, strlen(HTTP_OK_REPLY));
data/mumudvb-1.7.1/src/unicast_clients.c:242:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(iRet!=strlen(HTTP_OK_REPLY))
data/mumudvb-1.7.1/src/unicast_http.c:136:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(substring)>19)
data/mumudvb-1.7.1/src/unicast_http.c:186:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unicast_vars->portOut_str=malloc(sizeof(char)*(strlen(substring)+1));
data/mumudvb-1.7.1/src/unicast_http.c:420:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(tempSocket,HTTP_503_REPLY, strlen(HTTP_503_REPLY));
data/mumudvb-1.7.1/src/unicast_http.c:552:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(client->buffer)>5 && strstr(client->buffer, "\n\r\n\0"))
data/mumudvb-1.7.1/src/unicast_http.c:588:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_501_REPLY, strlen(HTTP_501_REPLY));
data/mumudvb-1.7.1/src/unicast_http.c:595:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos+=strlen("/bynumber/");
data/mumudvb-1.7.1/src/unicast_http.c:619:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_501_REPLY, strlen(HTTP_501_REPLY)); //iRet is to make the copiler happy we will close the connection anyways
data/mumudvb-1.7.1/src/unicast_http.c:622:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos+=strlen("/bysid/");
data/mumudvb-1.7.1/src/unicast_http.c:652:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_501_REPLY, strlen(HTTP_501_REPLY));//iRet is to make the copiler happy we will close the connection anyways
data/mumudvb-1.7.1/src/unicast_http.c:655:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos+=strlen("/byname/");
data/mumudvb-1.7.1/src/unicast_http.c:744:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos+=strlen("/cam/action.xml?key=");
data/mumudvb-1.7.1/src/unicast_http.c:786:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_501_REPLY, strlen(HTTP_501_REPLY));//iRet is to make the copiler happy we will close the connection anyways
data/mumudvb-1.7.1/src/unicast_http.c:792:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iRet=write(client->Socket,HTTP_501_REPLY, strlen(HTTP_501_REPLY));//iRet is to make the copiler happy we will close the connection anyways
data/mumudvb-1.7.1/src/unicast_http.c:1083:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(vlcchar,"@");
ANALYSIS SUMMARY:
Hits = 459
Lines analyzed = 21475 in approximately 0.59 seconds (36504 lines/second)
Physical Source Lines of Code (SLOC) = 14667
Hits@level = [0] 67 [1] 123 [2] 269 [3] 1 [4] 66 [5] 0
Hits@level+ = [0+] 526 [1+] 459 [2+] 336 [3+] 67 [4+] 66 [5+] 0
Hits/KSLOC@level+ = [0+] 35.8628 [1+] 31.2947 [2+] 22.9086 [3+] 4.56808 [4+] 4.4999 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.