Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vdr-plugin-epgsync-1.0.1/epgsync.c
Examining data/vdr-plugin-epgsync-1.0.1/setup.c
Examining data/vdr-plugin-epgsync-1.0.1/setup.h
Examining data/vdr-plugin-epgsync-1.0.1/svdrpservice.h
Examining data/vdr-plugin-epgsync-1.0.1/thread.h
Examining data/vdr-plugin-epgsync-1.0.1/thread.c

FINAL RESULTS:

data/vdr-plugin-epgsync-1.0.1/setup.c:85:53: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  redirectChannelsTexts[rcmIdName] = strdup(cString::sprintf("ID, %s", trVDR("Name")));
data/vdr-plugin-epgsync-1.0.1/setup.c:86:53: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  redirectChannelsTexts[rcmNameId] = strdup(cString::sprintf("%s, ID", trVDR("Name")));
data/vdr-plugin-epgsync-1.0.1/thread.c:147:31: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (CmdLSTE(f, cString::sprintf("%.*s", (int)(p - s), s))) {
data/vdr-plugin-epgsync-1.0.1/thread.c:178:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cmd.command = cString::sprintf("LSTE %s\r\n", Arg ? Arg : "");
data/vdr-plugin-epgsync-1.0.1/setup.c:44:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  hideMainMenuEntry = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:48:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  serverPort = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:50:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  connectAttempts = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:52:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nowNext = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:54:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  channelByChannel = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:56:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  syncOnStart = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:58:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  everyHours = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:60:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  redirectChannels = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.c:62:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  channelTypes = atoi(Value);
data/vdr-plugin-epgsync-1.0.1/setup.h:23:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char serverIp[MAX_IP_LENGTH];
data/vdr-plugin-epgsync-1.0.1/thread.c:90:12: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE *f = tmpfile();

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 671 in approximately 0.03 seconds (26494 lines/second)
Physical Source Lines of Code (SLOC) = 522
Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 15 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 28.7356 [1+] 28.7356 [2+] 28.7356 [3+] 7.66284 [4+] 7.66284 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.