Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vdr-plugin-osdteletext-0.9.7/txtrender.c
Examining data/vdr-plugin-osdteletext-0.9.7/storage.h
Examining data/vdr-plugin-osdteletext-0.9.7/storage.c
Examining data/vdr-plugin-osdteletext-0.9.7/txtrender.h
Examining data/vdr-plugin-osdteletext-0.9.7/tables.h
Examining data/vdr-plugin-osdteletext-0.9.7/display.h
Examining data/vdr-plugin-osdteletext-0.9.7/rootdir.h
Examining data/vdr-plugin-osdteletext-0.9.7/legacystorage.h
Examining data/vdr-plugin-osdteletext-0.9.7/txtfont.c
Examining data/vdr-plugin-osdteletext-0.9.7/osdteletext.c
Examining data/vdr-plugin-osdteletext-0.9.7/legacystorage.c
Examining data/vdr-plugin-osdteletext-0.9.7/txtrecv.h
Examining data/vdr-plugin-osdteletext-0.9.7/txtrecv.c
Examining data/vdr-plugin-osdteletext-0.9.7/packedstorage.c
Examining data/vdr-plugin-osdteletext-0.9.7/setup.h
Examining data/vdr-plugin-osdteletext-0.9.7/displaybase.c
Examining data/vdr-plugin-osdteletext-0.9.7/displaybase.h
Examining data/vdr-plugin-osdteletext-0.9.7/rootdir.c
Examining data/vdr-plugin-osdteletext-0.9.7/menu.h
Examining data/vdr-plugin-osdteletext-0.9.7/pageid.h
Examining data/vdr-plugin-osdteletext-0.9.7/menu.c
Examining data/vdr-plugin-osdteletext-0.9.7/display.c
Examining data/vdr-plugin-osdteletext-0.9.7/packedstorage.h
Examining data/vdr-plugin-osdteletext-0.9.7/txtfont.h
FINAL RESULTS:
data/vdr-plugin-osdteletext-0.9.7/displaybase.c:76:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return std::string(cString::sprintf("%s_%d_%d_%d", name, fontWidth, fontHeight, Zoom));
data/vdr-plugin-osdteletext-0.9.7/menu.c:569:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cString str = cString::sprintf(selectingChannelNumber > 0 ? "%s%d" : "%s", tr("Channel (press OK): "), selectingChannelNumber);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:413:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf = cString::sprintf("%s:", tr("Key bindings"));
data/vdr-plugin-osdteletext-0.9.7/storage.c:108:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(minDir, fullPath);
data/vdr-plugin-osdteletext-0.9.7/storage.c:135:26: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
currentDir = cString::sprintf("%s/%s", root, *chan.ToString());
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:152:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "s:d:n:t", long_options, NULL)) != -1) {
data/vdr-plugin-osdteletext-0.9.7/displaybase.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/vdr-plugin-osdteletext-0.9.7/displaybase.c:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[9];
data/vdr-plugin-osdteletext-0.9.7/displaybase.c:444:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%02d:%02d:%02d", loct.tm_hour, loct.tm_min, loct.tm_sec);
data/vdr-plugin-osdteletext-0.9.7/legacystorage.c:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/legacystorage.c:97:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
StorageHandle ret=(StorageHandle)open(filename, O_RDONLY);
data/vdr-plugin-osdteletext-0.9.7/legacystorage.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/legacystorage.c:107:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
StorageHandle fd=(StorageHandle)open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/vdr-plugin-osdteletext-0.9.7/legacystorage.c:117:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=(StorageHandle)open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/vdr-plugin-osdteletext-0.9.7/menu.c:557:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/vdr-plugin-osdteletext-0.9.7/menu.c:558:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%3x-%02x", currentPage, currentSubPage);
data/vdr-plugin-osdteletext-0.9.7/menu.c:577:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cache[40*24+12];
data/vdr-plugin-osdteletext-0.9.7/menu.c:608:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/vdr-plugin-osdteletext-0.9.7/menu.h:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/menu.h:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page[40][24];
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:165:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(optarg);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:266:102: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strcasecmp(Name, "configuredClrBackground")) ttSetup.configuredClrBackground=( ((unsigned int)atoi(Value)) << 24);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:267:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "showClock")) ttSetup.showClock=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:269:76: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "suspendReceiving")) ttSetup.suspendReceiving=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:270:72: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "autoUpdatePage")) ttSetup.autoUpdatePage=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:271:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "OSDheight")) ttSetup.OSDheight=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:272:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "OSDwidth")) ttSetup.OSDwidth=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:273:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "OSDHAlign")) ttSetup.OSDHAlign=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:274:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "OSDVAlign")) ttSetup.OSDVAlign=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:276:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "HideMainMenu")) ttSetup.HideMainMenu=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:278:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "txtG0Block")) ttSetup.txtG0Block=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:279:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (!strcasecmp(Name, "txtG2Block")) ttSetup.txtG2Block=atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:283:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttSetup.mapKeyToAction[i]=(eTeletextAction)atoi(Value);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:294:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char act[7];
data/vdr-plugin-osdteletext-0.9.7/packedstorage.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/packedstorage.c:87:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int desc=open(filename, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/vdr-plugin-osdteletext-0.9.7/packedstorage.c:101:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
desc=open(filename, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/vdr-plugin-osdteletext-0.9.7/setup.h:54:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *txtBlock[11];
data/vdr-plugin-osdteletext-0.9.7/storage.c:19:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullPath[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/storage.c:45:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullPath[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/storage.c:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minDir[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/storage.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullPath[PATH_MAX];
data/vdr-plugin-osdteletext-0.9.7/tables.h:10:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char invtab[256] = {
data/vdr-plugin-osdteletext-0.9.7/tables.h:45:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unhamtab[256] = {
data/vdr-plugin-osdteletext-0.9.7/txtrecv.c:41:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuf+40*line,myptr,40);
data/vdr-plugin-osdteletext-0.9.7/txtrecv.h:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pagebuf[27*40];
data/vdr-plugin-osdteletext-0.9.7/legacystorage.h:27:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual ssize_t read(void *ptr, size_t size, StorageHandle stream)
data/vdr-plugin-osdteletext-0.9.7/legacystorage.h:28:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ return ::read((int)stream, ptr, size); }
data/vdr-plugin-osdteletext-0.9.7/menu.c:593:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
storage->read(cache,sizeof cache,fd); // Read full page data
data/vdr-plugin-osdteletext-0.9.7/menu.c:628:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
storage->read(cache, 12, fd); //skip
data/vdr-plugin-osdteletext-0.9.7/menu.c:629:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
storage->read(cache, sizeof(cache), fd);
data/vdr-plugin-osdteletext-0.9.7/osdteletext.c:295:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(act, Name, 7);
data/vdr-plugin-osdteletext-0.9.7/packedstorage.c:25:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (::read(desc, addr, sizeof(addr)) == sizeof(addr)) {
data/vdr-plugin-osdteletext-0.9.7/storage.c:48:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(txtfile->d_name);
data/vdr-plugin-osdteletext-0.9.7/storage.h:49:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual ssize_t read(void *ptr, size_t size, StorageHandle stream) = 0;
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 11375 in approximately 0.23 seconds (49367 lines/second)
Physical Source Lines of Code (SLOC) = 9963
Hits@level = [0] 11 [1] 9 [2] 40 [3] 1 [4] 5 [5] 0
Hits@level+ = [0+] 66 [1+] 55 [2+] 46 [3+] 6 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 6.62451 [1+] 5.52043 [2+] 4.61708 [3+] 0.602228 [4+] 0.501857 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.