Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/opencaster-3.2.2+dfsg/libs/dvbobjects/sectioncrc.py.c
Examining data/opencaster-3.2.2+dfsg/libs/sectioncrc/sectioncrc.c
Examining data/opencaster-3.2.2+dfsg/libs/sectioncrc/sectioncrc.h
Examining data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c
Examining data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c
Examining data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c
Examining data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c
Examining data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c
Examining data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c
Examining data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c
Examining data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c
Examining data/opencaster-3.2.2+dfsg/tools/mpe2sec/sectioncrc.c
Examining data/opencaster-3.2.2+dfsg/tools/mpe2sec/sectioncrc.h
Examining data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c
Examining data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c
Examining data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c
Examining data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c
Examining data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c
Examining data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c
Examining data/opencaster-3.2.2+dfsg/tools/esvideompeg2info/esvideompeg2info.c
Examining data/opencaster-3.2.2+dfsg/tools/pes2txt/pes2txt.c
Examining data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c
Examining data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c
Examining data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c
Examining data/opencaster-3.2.2+dfsg/tools/pes2es/pes2es.c
Examining data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c
Examining data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c
Examining data/opencaster-3.2.2+dfsg/tools/tstcpsend/tstcpsend.c
Examining data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c
Examining data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c
Examining data/opencaster-3.2.2+dfsg/tools/tstimedwrite/tstimedwrite.c
Examining data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c
Examining data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c
Examining data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c
Examining data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c
Examining data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c
Examining data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c
Examining data/opencaster-3.2.2+dfsg/tools/tsudpreceive/tsudpreceive.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/assoc.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/utils.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/filter.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc-receive.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/biop.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/assoc.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/module.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/carousel.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/carousel.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/filter.h
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/module.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/util.c
Examining data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/biop.c
Examining data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c
Examining data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c
Examining data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c
Examining data/opencaster-3.2.2+dfsg/tools/oddparity/oddparity.c
Examining data/opencaster-3.2.2+dfsg/tools/ip2sec/ip2sec.c
Examining data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c
Examining data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c
Examining data/opencaster-3.2.2+dfsg/tools/zpipe/zpipe.c
Examining data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c
Examining data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c
Examining data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c
Examining data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c
Examining data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c
Examining data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c
Examining data/opencaster-3.2.2+dfsg/tools/tsdiscont/tsdiscont.c
Examining data/opencaster-3.2.2+dfsg/tools/pesinfo/pesinfo.c
Examining data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c
Examining data/opencaster-3.2.2+dfsg/tools/tstcpreceive/tstcpreceive.c
Examining data/opencaster-3.2.2+dfsg/tools/mpeg2videovbv/vbv.c
Examining data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c
Examining data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c
FINAL RESULTS:
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/util.c:127:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, message, ap);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/util.c:140:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, message, ap);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/util.c:201:10: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(message, ap);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/util.c:217:10: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(message, ap);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:85:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tunname, "/dev/%s", dev);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:95:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev, tunname + 5);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:169:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "ifdown %s", ip_device);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:170:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(s);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:193:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip_device, argv[n]);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:201:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "ifup %s", ip_device);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:202:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(s);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/biop.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4]; /* 'BIOP' */
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/carousel.c:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char table[MAX_TABLE_LEN];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/carousel.c:127:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cached + (index * MAX_TABLE_LEN), table, MAX_TABLE_LEN);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc-receive.c:57:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cachesize = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc-receive.c:58:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/dsmcc-receive.c:59:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
component_tag = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _carousel_root[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:89:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(filename, "wb")) == NULL)
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:99:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(filename, "wb")) == NULL)
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realfile[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkfile[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:160:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _dirname[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:185:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(filename, "wb")) == NULL)
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realfile[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkfile[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/fs.c:236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _ascii_key[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/module.c:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mod->data + (block * mod->block_size), data, length);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.c:59:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, section_head + 1, 2);
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.c:67:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, section_head, SECTION_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:37:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section[SECTION_MAX_SIZE+1]; /* +1 to handle a special case, see later in the code */
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:38:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section_head[SECTION_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:52:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, g_section_head + 1, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_section, g_section_head, SECTION_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:87:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_sec = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:41:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section[SECTION_MAX_SIZE+1]; /* +1 to handle a special case, see later in the code */
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:42:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section_head[SECTION_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:56:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, g_section_head + 1, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_section, g_section_head, SECTION_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_path[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:106:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_sec = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:119:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].onid = atoi(&(argv[i][1]));
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:120:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].tsid = atoi(argv[i+1]);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:121:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].sid = atoi(argv[i+2]);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&onid, a_section + 10, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tsid, a_section + 8, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sid, a_section + 3, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:150:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_output = open(path, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:156:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_output = open(path, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:158:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_output = open(path, O_CREAT|O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:37:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section[SECTION_MAX_SIZE+1]; /* +1 to handle a special case, see later in the code */
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:38:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char g_section_head[SECTION_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:52:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, g_section_head + 1, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_section, g_section_head, SECTION_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:103:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_sec = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:115:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].onid = atoi(argv[i]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:116:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].tsid = atoi(argv[i+1]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:117:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table[locators_num].sid = atoi(argv[i+2]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:119:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table_map[locators_num].onid = atoi(argv[i+4]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:120:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table_map[locators_num].tsid = atoi(argv[i+5]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:121:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locator_table_map[locators_num].sid = atoi(argv[i+6]);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&onid, a_section + 10, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tsid, a_section + 8, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sid, a_section + 3, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_section + 10, &onid, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_section + 8, &tsid, 2);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_section + 3, &sid, 2);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:61:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pes_header[PES_HEADER_SIZE_WITH_AD];
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:71:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:72:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
samples_per_frame = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:73:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sample_rate = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:74:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
es_frame_size = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:75:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
AD_fade_value = atoi(argv[5]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:103:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_offset = atol(argv[6]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:107:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_limit = atol(argv[7]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:111:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_id = atoi(argv[8]);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pes_header + 4, &pes_frame_size, 2);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pes_header + 4, &pes_frame_size, 2);
data/opencaster-3.2.2+dfsg/tools/esaudio2pes/esaudio2pes.c:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pes_header + 4, &pes_frame_size, 2);
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:256:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char es_header[HEADER_MAX_SIZE];
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:260:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:325:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framelength = 12 * atoi(bit_rate_audio[version][layer][bitrated]) * 1000;
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:326:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framelength /= atoi(sampling[version][sampled]);
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:330:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framelength = 144 * atoi(bit_rate_audio[version][layer][bitrated]) * 1000;
data/opencaster-3.2.2+dfsg/tools/esaudioinfo/esaudioinfo.c:331:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
framelength /= atoi(sampling[version][sampled]);
data/opencaster-3.2.2+dfsg/tools/esvideompeg2info/esvideompeg2info.c:168:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char es_header[HEADER_MAX_SIZE];
data/opencaster-3.2.2+dfsg/tools/esvideompeg2info/esvideompeg2info.c:172:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pes_header[PES_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:109:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char es_header[ES_HEADER_SIZE + 8];
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:111:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header_buffer[HEADER_BUFFER_MAX_SIZE];
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:116:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:120:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_limit = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:124:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_id = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/esvideompeg2pes/esvideompeg2pes.c:269:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_buffer, es_header, ES_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c:44:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char CIP_header[CIP_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char SP_header[SP_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char i1394_header[I1394_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/i13942ts/i13942ts.c:51:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_i1394 = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/ip2sec/ip2sec.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datagram_section + 1, &temp, 2);
data/opencaster-3.2.2+dfsg/tools/ip2sec/ip2sec.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datagram_section + SECTION_MPE_HEADER_SIZE, packet + size_ethernet, datagram_section_size - SECTION_MPE_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/ip2sec/ip2sec.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE]; /* Error buffer */
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_output_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input_ts_packet[TS_EXTRA_HEADER + TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:56:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:67:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, input_ts_packet + 5, 2);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char padding[184];
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ip_device[IFNAMSIZ];
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[180];
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:39:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/net/tun", O_RDWR)) < 0)
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tunname[14];
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:86:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(tunname, O_RDWR);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:89:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tunname, "/dev/tun");
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:92:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tunname + 8, "%d", i);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:94:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fd=open(tunname, O_RDWR)) > 0 ) {
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[len], &crc, 4);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:205:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4100];
data/opencaster-3.2.2+dfsg/tools/mpeg2videovbv/vbv.c:166:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char es_header[HEADER_MAX_SIZE]; /* es header parsing buffer */
data/opencaster-3.2.2+dfsg/tools/mpeg2videovbv/vbv.c:171:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/mpeg2videovbv/vbv.c:172:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_output = fopen("vbvData.dat", "w+");
data/opencaster-3.2.2+dfsg/tools/pes2es/pes2es.c:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pes_header[PES_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/pes2es/pes2es.c:45:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/pes2es/pes2es.c:46:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_id = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/pes2txt/pes2txt.c:38:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pes_header[PES_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/pes2txt/pes2txt.c:43:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:60:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:104:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char timestamp[TIME_STAMP_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:129:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:135:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid, no pusu */
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:209:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = fopen(argv[6 + open_counter], "rb");
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filelength[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:259:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[1]);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:260:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sample_per_frame = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:261:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sample_rate = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:262:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame_size = atoi(argv[4]); /* es frame size */
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:264:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_step = atoi(argv[4]+3);
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:266:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loop_on = atoi(argv[5]) > 0;
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:267:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
current_file_pes = fopen(argv[6], "r");
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:288:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes[i - 6] = fopen(argv[i], "rb");
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:381:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filelength, "r");
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:473:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:493:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesaudio2ts/pesaudio2ts.c:518:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes[i - 6] = fopen(argv[i], "rb");
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid, no pusu */
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:97:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:98:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesdata2ts/pesdata2ts.c:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesinfo/pesinfo.c:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pes_header[PACK_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesinfo/pesinfo.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char timestamp[TIME_STAMP_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesinfo/pesinfo.c:63:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes = fopen(argv[1], "rb");
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:61:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE]; /* TS packet */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:62:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char look_ahead_buffer[PES_HEADER_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:63:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:64:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pcr_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:84:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:263:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char timestamp[TIME_STAMP_SIZE];
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:291:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:298:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:301:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:308:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:311:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:319:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:321:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:335:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:345:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:351:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, ts_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid, no pusu */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:447:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = fopen(argv[6 + open_counter], "rb");
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:491:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[1]);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:492:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame_rate = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:494:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pcr_repetition_rate = atoi(argv[2]+3);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:499:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vbv_max = atoi(argv[3]+1);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:501:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vbv_max = atoi(argv[3]) * 16 * 1024; // bits
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:504:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts_bitrate = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:505:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loop_on = atoi(argv[5]) > 0;
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:506:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes[0] = fopen(argv[6], "rb");
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:524:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes[i - 6] = fopen(argv[i], "rb");
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:562:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:576:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcr_ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:700:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:722:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_packet + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/pesvideo2ts/pesvideo2ts.c:746:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_pes[i - 6] = fopen(argv[i], "rb");
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:60:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, g_section_head + 1, 2);
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_section, g_section_head, SECTION_HEADER_SIZE);
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:122:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[1]);
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_header + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:164:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(section_memory, section_next, SECTION_MAX_SIZE + 1);
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:201:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_header + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:239:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts_header + 1, &pid, 2); /* pid */
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:50:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_packet[TS_EXTRA_HEADER + TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:61:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:63:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
copyright_bits = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:66:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport_fd = open(tsfile, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:82:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, output_packet + TS_EXTRA_HEADER + 1, 2);
data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c:49:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c:50:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
payload_pid = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c:52:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c:90:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:41:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char section[MAX_TABLE_LEN];
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:85:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(§ion_header_len, section + 1, 2);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:96:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(section + section_len, buffer, payload);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:140:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char current_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:145:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:146:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
payload_pid = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:110:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:112:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:113:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char previous_cc_table[MAX_PID]; /* two packets can have the same continuity counter under some conditions... */
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:128:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bps = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:129:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[i+1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:143:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bps = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:144:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[i+1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:158:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bps = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:163:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[i+1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:196:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
chosen_fd->fd = open(chosen_fd->filename, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:203:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, ts_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, ts_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char repeated_cc_table[MAX_PID];
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:48:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[open_file], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:39:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cw[CW_SIZE];
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:46:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_cw = open(filename, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:70:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:74:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsdiscont/tsdiscont.c:52:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsdiscont/tsdiscont.c:79:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c:52:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c:55:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c:60:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file1 = open(argv[2], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c:65:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file2 = open(argv[3], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_table[MAX_PID]; /* valid PID table */
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:53:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:65:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(&(argv[i][1]));
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:75:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[i][0]));
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:101:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c:45:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[open_file], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:56:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file1 = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:61:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file2 = open(argv[2], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:66:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:71:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
choice = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char previous_cc_table[MAX_PID]; /* two packets can have the same continuity counter under some conditions... */
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:47:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[open_file], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:70:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[open_file], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:83:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_table[MAX_PID]; /* valid PID table */
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:53:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:65:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(&(argv[i][1]));
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:75:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[i][0]));
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:101:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:51:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:52:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char previous_cc_table[MAX_PID]; /* two packets can have the same continuity counter under some conditions... */
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:66:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:75:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:78:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(&(argv[i][1]));
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:81:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pid_table[pid] = open(argv[i+1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:110:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:117:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pid_table[pid] = open(pid_table_filename[pid], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:49:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:54:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:64:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:69:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ibits = atol(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:79:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
input_buffer_size = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:121:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_output_packet, current_input_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_output_packet, null_ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:197:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pid_cc_table[MAX_PID]; /* PID table for the continuity counter of the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:202:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_input_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:214:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(&(argv[i][1]), O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:225:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(&(argv[i][2]), O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:236:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
repeat_time = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:237:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[i+1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:251:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[i][2]));
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:289:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:299:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
chosen_fd.fd = open(chosen_fd.name, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:309:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
chosen_fd.fd = open(chosen_fd.name, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet1[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet2[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet3[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:62:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1_file = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:67:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2_file = open(argv[2], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:72:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input3_file = open(argv[3], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:113:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input3_file = open(argv[3], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:55:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1_file = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:60:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2_file = open(argv[2], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:85:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2_file = open(argv[2], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:54:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:57:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:62:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file1 = open(argv[2], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:67:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file2 = open(argv[3], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:72:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:136:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file1 = open(argv[2], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:142:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_file2 = open(argv[3], O_WRONLY);
data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE];/* TS packet */
data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c:50:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c:59:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ibits = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c:76:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, ts_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char timestamp[TIME_STAMP_SIZE];
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:96:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:107:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trbits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:113:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:138:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(argv[i]);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:140:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_pcr_reference[pid] = atoi(argv[i+1]);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:155:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:262:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:266:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c:86:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c:96:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trbits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c:102:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c:131:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:48:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:62:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[2][2]));
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:72:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(argv[i]);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:74:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_map_table[temp] = atoi(argv[i+2]);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:97:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:102:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:107:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_packet + 1, &temp, 2);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:75:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char timestamp[TIME_STAMP_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:89:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pts_index_table[MAX_PID];/* PTS index table for the TS packets */
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:94:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:104:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trbits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:110:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:214:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:218:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:225:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:228:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:235:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:238:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:246:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:248:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:266:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:270:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 14, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:277:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:283:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:288:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:299:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(timestamp, current_packet + ts_header_size + 9, TIME_STAMP_SIZE);
data/opencaster-3.2.2+dfsg/tools/tstcpreceive/tstcpreceive.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUF_SIZE];
data/opencaster-3.2.2+dfsg/tools/tstcpreceive/tstcpreceive.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tstcpreceive/tstcpreceive.c:44:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(argv[1]);
data/opencaster-3.2.2+dfsg/tools/tstcpsend/tstcpsend.c:93:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin_port = htons(atoi(argv[3]));
data/opencaster-3.2.2+dfsg/tools/tstcpsend/tstcpsend.c:94:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/tstcpsend/tstcpsend.c:111:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport_fd = open(tsfile, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:69:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:77:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = atoi(&(argv[2][2]));
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:80:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start_time_stamp = (time_t) atoi(&(argv[2][2]));
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:107:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, current_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:125:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_packet + 8, &MJD, 2);
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:135:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp, current_packet + 6, 2);
data/opencaster-3.2.2+dfsg/tools/tstimedwrite/tstimedwrite.c:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char write_buf[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tstimedwrite/tstimedwrite.c:89:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tstimedwrite/tstimedwrite.c:95:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport_fd = open(tsfile, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:60:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:65:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
backup_file = open(argv[2], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:70:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(argv[3]);
data/opencaster-3.2.2+dfsg/tools/tsudpreceive/tsudpreceive.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char udp_packet[UDP_MAXIMUM_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsudpreceive/tsudpreceive.c:70:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin_port = htons(atoi(argv[2]));
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start_addr[4];
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:99:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin_port = htons(atoi(argv[3]));
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:100:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:118:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
option_ttl = atoi(argv[6]);
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:120:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start_addr, argv[2], 3);
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:122:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
is_multicast = atoi(start_addr);
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:136:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport_fd = open(tsfile, O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:35:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_ts_packet[TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:37:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_packet_buffer[OUTPUT_BUFFER_IN_PACKETS * TS_PACKET_SIZE];
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_output_packet, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:121:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ts = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:132:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obits = atol(argv[2]);
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pid, ts_packet + 1, 2);
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:60:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:61:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
txtunitperpes = atoi(argv[2]);
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:67:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pts_increment = atoi(argv[4]);
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pes_packet + 4, &temp, sizeof(unsigned short));
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:120:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_es = open(argv[1], O_RDONLY);
data/opencaster-3.2.2+dfsg/tools/zpipe/zpipe.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[CHUNK];
data/opencaster-3.2.2+dfsg/tools/zpipe/zpipe.c:42:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[CHUNK];
data/opencaster-3.2.2+dfsg/tools/zpipe/zpipe.c:97:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[CHUNK];
data/opencaster-3.2.2+dfsg/tools/zpipe/zpipe.c:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[CHUNK];
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.c:56:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(STDIN_FILENO, section_head, SECTION_HEADER_SIZE)) {
data/opencaster-3.2.2+dfsg/tools/dsmcc-receive/table.c:68:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(STDIN_FILENO, buffer + SECTION_HEADER_SIZE, section_size);
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:49:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, g_section_head, SECTION_HEADER_SIZE)) {
data/opencaster-3.2.2+dfsg/tools/eitsecactualtoanother/eitsecactualtoanother.c:60:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, g_section + SECTION_HEADER_SIZE, *section_size);
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:53:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, g_section_head, SECTION_HEADER_SIZE)) {
data/opencaster-3.2.2+dfsg/tools/eitsecfilter/eitsecfilter.c:64:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, g_section + SECTION_HEADER_SIZE, *section_size);
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:49:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, g_section_head, SECTION_HEADER_SIZE)) {
data/opencaster-3.2.2+dfsg/tools/eitsecmapper/eitsecmapper.c:60:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, g_section + SECTION_HEADER_SIZE, *section_size);
data/opencaster-3.2.2+dfsg/tools/m2ts2cbrts/m2ts2cbrts.c:97:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, input_ts_packet, TS_EXTRA_HEADER + TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:50:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:74:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev, ifr.ifr_name, IFNAMSIZ);
data/opencaster-3.2.2+dfsg/tools/mpe2sec/mpe.c:208:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(tun_fd, tun_header, sizeof(buf));
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:57:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, g_section_head, SECTION_HEADER_SIZE)) {
data/opencaster-3.2.2+dfsg/tools/sec2ts/sec2ts.c:68:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, g_section + SECTION_HEADER_SIZE, *section_size);
data/opencaster-3.2.2+dfsg/tools/ts2m2ts/ts2m2ts.c:75:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(transport_fd, output_packet + TS_EXTRA_HEADER, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/ts2pes/ts2pes.c:85:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/ts2sec/ts2sec.c:165:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:190:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(chosen_fd->fd, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tscbrmuxer/tscbrmuxer.c:201:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(chosen_fd->fd, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsccc/tsccc.c:67:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:51:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int byte_read = read(fd_cw, cw, CW_SIZE);
data/opencaster-3.2.2+dfsg/tools/tscrypt/tscrypt.c:90:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsdiscont/tsdiscont.c:76:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsdoubleoutput/tsdoubleoutput.c:80:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsfilter/tsfilter.c:96:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsfixcc/tsfixcc.c:63:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:133:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file2, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:134:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file1, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:136:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file1, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:137:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file2, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:139:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file1, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsinputswitch/tsinputswitch.c:141:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file2, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:64:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsloop/tsloop.c:75:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsmask/tsmask.c:96:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:105:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
input_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:114:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(pid_table[pid], current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsmodder/tsmodder.c:118:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(pid_table[pid], current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullfiller/tsnullfiller.c:112:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, input_packet_buffer, input_buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:281:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd_input_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:296:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(chosen_fd.fd, current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:300:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(chosen_fd.fd, current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:306:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(chosen_fd.fd, current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsnullshaper/tsnullshaper.c:310:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(chosen_fd.fd, current_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:89:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read1 = read(input1_file, ts_packet1 + index1, TS_PACKET_SIZE - index1);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:91:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read2 = read(input2_file, ts_packet2 + index2, TS_PACKET_SIZE - index2);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:110:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read3 = read(input3_file, ts_packet3, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsororts/tsororts.c:118:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read3 = read(input3_file, ts_packet3, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:74:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input1_file, ts_packet + index, TS_PACKET_SIZE - index);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:82:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input2_file, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsorts/tsorts.c:90:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input2_file, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsoutputswitch/tsoutputswitch.c:132:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file, packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tspcrmeasure/tspcrmeasure.c:73:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tspcrrestamp/tspcrrestamp.c:151:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tspcrstamp/tspcrstamp.c:127:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tspidmapper/tspidmapper.c:92:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tsstamp/tsstamp.c:136:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tstcpsend/tstcpsend.c:144:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(transport_fd, send_buf, packet_size);
data/opencaster-3.2.2+dfsg/tools/tstdt/tstdt.c:102:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(fd_ts, packet_buffer, buffer_size);
data/opencaster-3.2.2+dfsg/tools/tstimedwrite/tstimedwrite.c:113:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(transport_fd, write_buf, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:98:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(input_file, ts_packet + index, TS_PACKET_SIZE - index);
data/opencaster-3.2.2+dfsg/tools/tstimeout/tstimeout.c:110:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(backup_file, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/tsudpsend/tsudpsend.c:157:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(transport_fd, send_buf, packet_size);
data/opencaster-3.2.2+dfsg/tools/tsvbr2cbr/tsvbr2cbr.c:159:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(fd_ts, ts_packet, TS_PACKET_SIZE);
data/opencaster-3.2.2+dfsg/tools/txt2pes/txt2pes.c:109:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
byte_read = read(file_es, pes_packet + packet_index, EBU_UNIT_SIZE);
ANALYSIS SUMMARY:
Hits = 465
Lines analyzed = 12935 in approximately 0.48 seconds (26971 lines/second)
Physical Source Lines of Code (SLOC) = 8952
Hits@level = [0] 556 [1] 65 [2] 389 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 1021 [1+] 465 [2+] 400 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 114.053 [1+] 51.9437 [2+] 44.6828 [3+] 1.22878 [4+] 1.22878 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.