Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vdr-plugin-satip-2.4.0/rtsp.h
Examining data/vdr-plugin-satip-2.4.0/statistics.h
Examining data/vdr-plugin-satip-2.4.0/tunerif.h
Examining data/vdr-plugin-satip-2.4.0/setup.h
Examining data/vdr-plugin-satip-2.4.0/msearch.h
Examining data/vdr-plugin-satip-2.4.0/server.h
Examining data/vdr-plugin-satip-2.4.0/discover.c
Examining data/vdr-plugin-satip-2.4.0/log.h
Examining data/vdr-plugin-satip-2.4.0/config.h
Examining data/vdr-plugin-satip-2.4.0/server.c
Examining data/vdr-plugin-satip-2.4.0/rtcp.h
Examining data/vdr-plugin-satip-2.4.0/satip.c
Examining data/vdr-plugin-satip-2.4.0/param.h
Examining data/vdr-plugin-satip-2.4.0/rtp.h
Examining data/vdr-plugin-satip-2.4.0/deviceif.h
Examining data/vdr-plugin-satip-2.4.0/device.c
Examining data/vdr-plugin-satip-2.4.0/rtp.c
Examining data/vdr-plugin-satip-2.4.0/sectionfilter.h
Examining data/vdr-plugin-satip-2.4.0/rtsp.c
Examining data/vdr-plugin-satip-2.4.0/rtcp.c
Examining data/vdr-plugin-satip-2.4.0/pollerif.h
Examining data/vdr-plugin-satip-2.4.0/poller.h
Examining data/vdr-plugin-satip-2.4.0/socket.c
Examining data/vdr-plugin-satip-2.4.0/config.c
Examining data/vdr-plugin-satip-2.4.0/msearch.c
Examining data/vdr-plugin-satip-2.4.0/param.c
Examining data/vdr-plugin-satip-2.4.0/common.c
Examining data/vdr-plugin-satip-2.4.0/tuner.h
Examining data/vdr-plugin-satip-2.4.0/device.h
Examining data/vdr-plugin-satip-2.4.0/common.h
Examining data/vdr-plugin-satip-2.4.0/setup.c
Examining data/vdr-plugin-satip-2.4.0/statistics.c
Examining data/vdr-plugin-satip-2.4.0/poller.c
Examining data/vdr-plugin-satip-2.4.0/discover.h
Examining data/vdr-plugin-satip-2.4.0/discoverif.h
Examining data/vdr-plugin-satip-2.4.0/socket.h
Examining data/vdr-plugin-satip-2.4.0/tuner.c
Examining data/vdr-plugin-satip-2.4.0/sectionfilter.c

FINAL RESULTS:

data/vdr-plugin-satip-2.4.0/device.c:25:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  deviceNameM(*cString::sprintf("%s %d", *DeviceType(), deviceIndexM)),
data/vdr-plugin-satip-2.4.0/device.c:34:46: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  *cString::sprintf("SATIP#%d TS", deviceIndexM));
data/vdr-plugin-satip-2.4.0/device.c:119:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sDevice: %s\n", *info, *device->DeviceName());
data/vdr-plugin-satip-2.4.0/device.c:121:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sCardIndex: %d HasLock: yes Strength: %d Quality: %d%s\n", *info, device->CardIndex(), device->SignalStrength(), device->SignalQuality(), live ? " Live: yes" : "");
data/vdr-plugin-satip-2.4.0/device.c:123:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sCardIndex: %d HasLock: no\n", *info, device->CardIndex());
data/vdr-plugin-satip-2.4.0/device.c:126:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sTransponder: %d Channel: %s\n", *info, channel->Transponder(), channel->Name());
data/vdr-plugin-satip-2.4.0/device.c:128:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sTransponder: %d\n", *info, channel->Transponder());
data/vdr-plugin-satip-2.4.0/device.c:131:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%sRecording: %d timer%s\n", *info, timers, (timers > 1) ? "s" : "");
data/vdr-plugin-satip-2.4.0/device.c:132:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%s\n", *info);
data/vdr-plugin-satip-2.4.0/device.c:142:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("SAT>IP device: %d\nCardIndex: %d\nStream: %s\nSignal: %s\nStream bitrate: %s\n%sChannel: %s\n",
data/vdr-plugin-satip-2.4.0/device.c:160:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("Active section filters:\n%s", pSectionFilterHandlerM ? *pSectionFilterHandlerM->GetInformation() : "");
data/vdr-plugin-satip-2.4.0/device.c:184:23: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s = cString::sprintf("%s%s%s",
data/vdr-plugin-satip-2.4.0/device.c:209:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("%s %d", *DeviceType(), deviceIndexM);
data/vdr-plugin-satip-2.4.0/device.c:369:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  deviceNameM = cString::sprintf("%s %d %s", *DeviceType(), deviceIndexM, *cSatipDiscover::GetInstance()->GetServerString(server));
data/vdr-plugin-satip-2.4.0/device.c:377:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  deviceNameM = cString::sprintf("%s %d", *DeviceType(), deviceIndexM);
data/vdr-plugin-satip-2.4.0/discover.c:207:67: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_USERAGENT, *cString::sprintf("vdr-%s/%s", PLUGIN_NAME_I18N, VERSION));
data/vdr-plugin-satip-2.4.0/discover.c:287:36: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString desc = cString::sprintf("%s #%d", !isempty(descP) ? descP : "MyBrokenHardware", n++);
data/vdr-plugin-satip-2.4.0/param.c:502:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d",
data/vdr-plugin-satip-2.4.0/rtcp.c:107:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("RTCP [device %d]", tunerM.GetId());
data/vdr-plugin-satip-2.4.0/rtp.c:164:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("RTP [device %d]", tunerM.GetId());
data/vdr-plugin-satip-2.4.0/rtsp.c:168:67: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_USERAGENT, *cString::sprintf("vdr-%s/%s (device %d)", PLUGIN_NAME_I18N, VERSION, tunerM.GetId()));
data/vdr-plugin-satip-2.4.0/rtsp.c:200:67: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SATIP_CURL_EASY_SETOPT(handleM, CURLOPT_INTERFACE, *cString::sprintf("host!%s", bindAddrP));
data/vdr-plugin-satip-2.4.0/rtsp.c:245:34: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  transport = cString::sprintf("RTP/AVP;multicast");
data/vdr-plugin-satip-2.4.0/rtsp.c:251:37: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  transport = cString::sprintf("RTP/AVP/TCP;unicast;interleaved=%u-%u", interleavedRtpIdM, interleavedRtcpIdM);
data/vdr-plugin-satip-2.4.0/rtsp.c:253:37: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  transport = cString::sprintf("RTP/AVP;unicast;client_port=%d-%d", rtpPortP, rtcpPortP);
data/vdr-plugin-satip-2.4.0/satip.c:171:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString info = cString::sprintf("Using CURL %s", data->version);
data/vdr-plugin-satip-2.4.0/satip.c:175:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info = cString::sprintf("%s %s", *info, data->protocols[i]);
data/vdr-plugin-satip-2.4.0/satip.c:500:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("SATIP information mode: %s\n", mode ? "bytes" : "bits");
data/vdr-plugin-satip-2.4.0/satip.c:520:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("SATIP device count: %u", cSatipDevice::Count());
data/vdr-plugin-satip-2.4.0/satip.c:553:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("SATIP operating mode: %s\n", *mode);
data/vdr-plugin-satip-2.4.0/satip.c:568:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("SATIP tracing mode: 0x%04X\n", SatipConfig.GetTraceMode());
data/vdr-plugin-satip-2.4.0/sectionfilter.c:239:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  : cThread(cString::sprintf("SATIP#%d section handler", deviceIndexP)),
data/vdr-plugin-satip-2.4.0/sectionfilter.c:240:75: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ringBufferM(new cRingBufferLinear(bufferLenP, TS_SIZE, false, *cString::sprintf("SATIP %d section handler", deviceIndexP))),
data/vdr-plugin-satip-2.4.0/sectionfilter.c:354:23: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s = cString::sprintf("%sFilter %d: %s Pid=0x%02X (%s)\n", *s, i,
data/vdr-plugin-satip-2.4.0/server.c:111:33: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  filtersM = cString::sprintf("%s%s%s", *filtersM, isempty(*filtersM) ? "" : ",", *cSource::ToString(sourceFiltersM[j]));
data/vdr-plugin-satip-2.4.0/server.c:161:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sSessionId", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:163:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sPlayPids", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:165:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sForceLock", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:167:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sRtpOverTcp", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:169:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sCiXpmt", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:171:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sCiTnr", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:173:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  quirksM = cString::sprintf("%s%sForcePilot", *quirksM, isempty(*quirksM) ? "" : ",");
data/vdr-plugin-satip-2.4.0/server.c:492:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  list = cString::sprintf("%s|%s|%s", s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/server.c:504:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  list = cString::sprintf("%s%c %s|%s|%s\n", *list, s->IsActive() ? '+' : '-', s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/server.c:506:26: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  list = cString::sprintf("%s%c %s@%s|%s|%s\n", *list, s->IsActive() ? '+' : '-', s->SrcAddress(), s->Address(), s->Model(), s->Description());
data/vdr-plugin-satip-2.4.0/setup.c:43:24: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SetValue(cString::sprintf("%s - %s", *cSource::ToString(source->Code()), source->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:108:87: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  addressM(serverP ? (isempty(serverP->SrcAddress()) ? serverP->Address() : *cString::sprintf("%s@%s", serverP->SrcAddress(), serverP->Address())) : "---"),
data/vdr-plugin-satip-2.4.0/setup.c:126:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Address"), *addressM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:127:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Model"), *modelM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:128:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Description"), *descriptionM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:129:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("CI extension"), *ciExtensionM), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:130:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cOsdItem(cString::sprintf("%s:\t%s", tr("Creation date"), *DayDateTime(createdM)), osUnknown, false));
data/vdr-plugin-satip-2.4.0/setup.c:170:21: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SetText(*cString::sprintf("%s %s (%s)\t%s", serverM->IsActive() ? "+" : "-", isempty(serverM->SrcAddress()) ? serverM->Address() : *cString::sprintf("%s@%s", serverM->SrcAddress(), serverM->Address()), serverM->Model(), serverM->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:170:144: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  SetText(*cString::sprintf("%s %s (%s)\t%s", serverM->IsActive() ? "+" : "-", isempty(serverM->SrcAddress()) ? serverM->Address() : *cString::sprintf("%s@%s", serverM->SrcAddress(), serverM->Address()), serverM->Model(), serverM->Description()));
data/vdr-plugin-satip-2.4.0/setup.c:396:46: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cMenuEditStraItem(*cString::sprintf(" %s #%d", tr("CI/CAM"), i + 1), &cicamsM[i], ELEMENTS(cicamTextsM), cicamTextsM));
data/vdr-plugin-satip-2.4.0/setup.c:407:46: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cSatipEditSrcItem(*cString::sprintf(" %s %d", trVDR("Source"), i + 1), &disabledSourcesM[i]));
data/vdr-plugin-satip-2.4.0/setup.c:415:46: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Add(new cMenuEditStraItem(*cString::sprintf(" %s %d", tr("Filter"), i + 1), &disabledFilterIndexesM[i], SECTION_FILTER_TABLE_SIZE, disabledFilterNamesM));
data/vdr-plugin-satip-2.4.0/setup.c:499:66: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return AddSubMenu(new cMenuText(cString::sprintf("%s - %s '%s'", tr("Help"), trVDR("Plugin"), PLUGIN_NAME_I18N), helpM[Current()]));
data/vdr-plugin-satip-2.4.0/setup.c:526:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%s %d", *buffer, cicamsP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:528:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%d", cicamsP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:542:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%s %s", *buffer, *cSource::ToString(sourcesP[i]));
data/vdr-plugin-satip-2.4.0/setup.c:544:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%s", *cSource::ToString(sourcesP[i]));
data/vdr-plugin-satip-2.4.0/setup.c:558:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%s %d", *buffer, valuesP[i]);
data/vdr-plugin-satip-2.4.0/setup.c:560:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  buffer = cString::sprintf("%d", valuesP[i]);
data/vdr-plugin-satip-2.4.0/statistics.c:40:24: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString s = cString::sprintf("%4ld (%4ld k%s/s)", numberOfCallsM, bitrate,
data/vdr-plugin-satip-2.4.0/statistics.c:87:23: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s = cString::sprintf("%sPid %d: %4d (%4ld k%s/s)\n", *s, i,
data/vdr-plugin-satip-2.4.0/statistics.c:163:24: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString s = cString::sprintf("%ld k%s/s", bitrate, SatipConfig.GetUseBytes() ? "B" : "bit");
data/vdr-plugin-satip-2.4.0/statistics.c:207:24: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString s = cString::sprintf("Buffer bitrate: %ld k%s/s\nBuffer usage: %ld/%ld k%s (%2.1f%%)\n", bitrate,
data/vdr-plugin-satip-2.4.0/tuner.c:19:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  : cThread(cString::sprintf("SATIP#%d tuner", deviceP.GetId())),
data/vdr-plugin-satip-2.4.0/tuner.c:221:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString uri = cString::sprintf("%sstream=%d?%s", *connectionUri, streamIdM, *streamParamM);
data/vdr-plugin-satip-2.4.0/tuner.c:229:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString uri = cString::sprintf("%s?%s", *connectionUri, *streamParamM);
data/vdr-plugin-satip-2.4.0/tuner.c:260:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:423:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("rtsp://%s:%d/", addressP, portP);
data/vdr-plugin-satip-2.4.0/tuner.c:425:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("rtsp://%s/", addressP);
data/vdr-plugin-satip-2.4.0/tuner.c:447:62: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  streamParamM = rtspM.RtspUnescapeString(*cString::sprintf("%s&plts=on", parameterP));
data/vdr-plugin-satip-2.4.0/tuner.c:486:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:491:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s?pids=%s", *uri, *pidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:493:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s,%d", *uri, eDummyPid);
data/vdr-plugin-satip-2.4.0/tuner.c:497:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s?addpids=%s", *uri, *addPidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:499:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s%sdelpids=%s", *uri, addPidsM.Size() ? "&" : "?", *delPidsM.ListPids());
data/vdr-plugin-satip-2.4.0/tuner.c:512:30: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s&x_pmt=%d", *uri, pid);
data/vdr-plugin-satip-2.4.0/tuner.c:514:33: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s&x_ci=%d", *uri, slot);
data/vdr-plugin-satip-2.4.0/tuner.c:523:30: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  uri = cString::sprintf("%s&tnr=%s", *uri, *param);
data/vdr-plugin-satip-2.4.0/tuner.c:563:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString uri = cString::sprintf("%sstream=%d", *GetBaseUrl(*streamAddrM, streamPortM), streamIdM);
data/vdr-plugin-satip-2.4.0/tuner.c:698:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return cString::sprintf("lock=%d strength=%d quality=%d frontend=%d", HasLock(), SignalStrength(), SignalQuality(), FrontendId());
data/vdr-plugin-satip-2.4.0/tuner.c:704:48: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return (currentStateM >= tsTuned) ? cString::sprintf("%s?%s (%s) [stream=%d]", *GetBaseUrl(*streamAddrM, streamPortM), *streamParamM, *rtspM.GetActiveMode(), streamIdM) : "connection failed";
data/vdr-plugin-satip-2.4.0/tuner.h:45:28: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  list = cString::sprintf("%s%d,", *list, At(i));
data/vdr-plugin-satip-2.4.0/tuner.h:74:43: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cString GetInfo(void) { return cString::sprintf("server=%s deviceid=%d transponder=%d", serverM ? "assigned" : "null", deviceIdM, transponderM); }
data/vdr-plugin-satip-2.4.0/satip.c:117:15: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "d:t:s:p:r:DSn", long_options, NULL)) != -1) {
data/vdr-plugin-satip-2.4.0/common.h:56:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[64]; \
data/vdr-plugin-satip-2.4.0/common.h:117:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(dataM[sizeM]), dataP, sizeP);
data/vdr-plugin-satip-2.4.0/param.c:146:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[255];
data/vdr-plugin-satip-2.4.0/param.c:153:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int src = (strchr("S", type) && source) ? atoi(source->Description()) : 1;
data/vdr-plugin-satip-2.4.0/satip.c:344:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cicamsP[n++] = atoi(r);
data/vdr-plugin-satip-2.4.0/satip.c:373:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/vdr-plugin-satip-2.4.0/satip.c:377:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = atoi(buffer);
data/vdr-plugin-satip-2.4.0/satip.c:392:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SatipConfig.SetOperatingMode(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:394:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SatipConfig.SetCIExtension(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:404:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SatipConfig.SetEITScan(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:422:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SatipConfig.SetTransportMode(atoi(valueP));
data/vdr-plugin-satip-2.4.0/satip.c:480:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  index = atoi(option);
data/vdr-plugin-satip-2.4.0/satip.c:483:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  page = atoi(num);
data/vdr-plugin-satip-2.4.0/sectionfilter.c:54:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[64];
data/vdr-plugin-satip-2.4.0/sectionfilter.c:58:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[64];
data/vdr-plugin-satip-2.4.0/sectionfilter.c:135:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(secBufBaseM + tsFeedpM, bufP, lenP);
data/vdr-plugin-satip-2.4.0/server.c:187:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/server.c:192:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(c + 5);
data/vdr-plugin-satip-2.4.0/server.c:197:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/server.c:202:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(c + 5);
data/vdr-plugin-satip-2.4.0/server.c:207:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(c + 6);
data/vdr-plugin-satip-2.4.0/setup.h:22:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *operatingModeTextsM[cSatipConfig::eOperatingModeCount];
data/vdr-plugin-satip-2.4.0/setup.h:23:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *transportModeTextsM[cSatipConfig::eTransportModeCount];
data/vdr-plugin-satip-2.4.0/setup.h:26:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cicamTextsM[CA_SYSTEMS_TABLE_SIZE];
data/vdr-plugin-satip-2.4.0/setup.h:32:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *disabledFilterNamesM[SECTION_FILTER_TABLE_SIZE];
data/vdr-plugin-satip-2.4.0/socket.c:175:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[64];
data/vdr-plugin-satip-2.4.0/socket.c:269:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[256];
data/vdr-plugin-satip-2.4.0/tuner.c:321:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[lengthP];
data/vdr-plugin-satip-2.4.0/tuner.c:322:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, (char *)bufferP, lengthP);
data/vdr-plugin-satip-2.4.0/tuner.c:329:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  frontendIdM = atoi(c + 7);
data/vdr-plugin-satip-2.4.0/tuner.c:338:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = min(atoi(++c), 255);
data/vdr-plugin-satip-2.4.0/tuner.c:348:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hasLockM = !!atoi(++c);
data/vdr-plugin-satip-2.4.0/tuner.c:357:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = min(atoi(++c), 15);
data/vdr-plugin-satip-2.4.0/msearch.c:49:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Write(bcastAddressS, reinterpret_cast<const unsigned char *>(bcastMessageS), strlen(bcastMessageS));
data/vdr-plugin-satip-2.4.0/msearch.c:51:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Write(bcastAddressS, reinterpret_cast<const unsigned char *>(bcastMessageS), strlen(bcastMessageS));

ANALYSIS SUMMARY:

Hits = 124
Lines analyzed = 7750 in approximately 0.20 seconds (39242 lines/second)
Physical Source Lines of Code (SLOC) = 6308
Hits@level = [0] 23 [1] 2 [2] 33 [3] 1 [4] 88 [5] 0
Hits@level+ = [0+] 147 [1+] 124 [2+] 122 [3+] 89 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 23.3037 [1+] 19.6576 [2+] 19.3405 [3+] 14.1091 [4+] 13.9505 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.