Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zoneminder-1.34.21/src/jinclude.h
Examining data/zoneminder-1.34.21/src/jwt-cpp/BaseTest.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/ClaimTest.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/HelperTest.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/TestMain.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/TokenFormatTest.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/TokenTest.cpp
Examining data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/base.h
Examining data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/jwt_cpp.h
Examining data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/BCrypt.hpp
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/crypt.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/crypt_blowfish.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/crypt_gensalt.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/ow-crypt.h
Examining data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/winbcrypt.h
Examining data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c
Examining data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c
Examining data/zoneminder-1.34.21/src/libbcrypt/src/crypt_gensalt.c
Examining data/zoneminder-1.34.21/src/libbcrypt/src/main.cpp
Examining data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c
Examining data/zoneminder-1.34.21/src/libbcrypt/vs2017/test/main.cpp
Examining data/zoneminder-1.34.21/src/zm.cpp
Examining data/zoneminder-1.34.21/src/zm.h
Examining data/zoneminder-1.34.21/src/zm_bigfont.h
Examining data/zoneminder-1.34.21/src/zm_box.cpp
Examining data/zoneminder-1.34.21/src/zm_box.h
Examining data/zoneminder-1.34.21/src/zm_buffer.cpp
Examining data/zoneminder-1.34.21/src/zm_buffer.h
Examining data/zoneminder-1.34.21/src/zm_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_camera.h
Examining data/zoneminder-1.34.21/src/zm_comms.cpp
Examining data/zoneminder-1.34.21/src/zm_comms.h
Examining data/zoneminder-1.34.21/src/zm_config.cpp
Examining data/zoneminder-1.34.21/src/zm_coord.cpp
Examining data/zoneminder-1.34.21/src/zm_coord.h
Examining data/zoneminder-1.34.21/src/zm_crypt.cpp
Examining data/zoneminder-1.34.21/src/zm_crypt.h
Examining data/zoneminder-1.34.21/src/zm_curl_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_curl_camera.h
Examining data/zoneminder-1.34.21/src/zm_db.cpp
Examining data/zoneminder-1.34.21/src/zm_db.h
Examining data/zoneminder-1.34.21/src/zm_event.cpp
Examining data/zoneminder-1.34.21/src/zm_event.h
Examining data/zoneminder-1.34.21/src/zm_eventstream.cpp
Examining data/zoneminder-1.34.21/src/zm_eventstream.h
Examining data/zoneminder-1.34.21/src/zm_exception.cpp
Examining data/zoneminder-1.34.21/src/zm_exception.h
Examining data/zoneminder-1.34.21/src/zm_ffmpeg.cpp
Examining data/zoneminder-1.34.21/src/zm_ffmpeg.h
Examining data/zoneminder-1.34.21/src/zm_ffmpeg_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_ffmpeg_camera.h
Examining data/zoneminder-1.34.21/src/zm_ffmpeg_input.cpp
Examining data/zoneminder-1.34.21/src/zm_ffmpeg_input.h
Examining data/zoneminder-1.34.21/src/zm_fifo.cpp
Examining data/zoneminder-1.34.21/src/zm_fifo.h
Examining data/zoneminder-1.34.21/src/zm_file_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_file_camera.h
Examining data/zoneminder-1.34.21/src/zm_font.h
Examining data/zoneminder-1.34.21/src/zm_frame.cpp
Examining data/zoneminder-1.34.21/src/zm_frame.h
Examining data/zoneminder-1.34.21/src/zm_group.cpp
Examining data/zoneminder-1.34.21/src/zm_group.h
Examining data/zoneminder-1.34.21/src/zm_image.cpp
Examining data/zoneminder-1.34.21/src/zm_image.h
Examining data/zoneminder-1.34.21/src/zm_image_analyser.cpp
Examining data/zoneminder-1.34.21/src/zm_image_analyser.h
Examining data/zoneminder-1.34.21/src/zm_jpeg.cpp
Examining data/zoneminder-1.34.21/src/zm_jpeg.h
Examining data/zoneminder-1.34.21/src/zm_libvlc_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_libvlc_camera.h
Examining data/zoneminder-1.34.21/src/zm_local_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_local_camera.h
Examining data/zoneminder-1.34.21/src/zm_logger.cpp
Examining data/zoneminder-1.34.21/src/zm_logger.h
Examining data/zoneminder-1.34.21/src/zm_mem_utils.h
Examining data/zoneminder-1.34.21/src/zm_monitor.cpp
Examining data/zoneminder-1.34.21/src/zm_monitor.h
Examining data/zoneminder-1.34.21/src/zm_monitorstream.cpp
Examining data/zoneminder-1.34.21/src/zm_monitorstream.h
Examining data/zoneminder-1.34.21/src/zm_mpeg.cpp
Examining data/zoneminder-1.34.21/src/zm_mpeg.h
Examining data/zoneminder-1.34.21/src/zm_packet.cpp
Examining data/zoneminder-1.34.21/src/zm_packet.h
Examining data/zoneminder-1.34.21/src/zm_packetqueue.cpp
Examining data/zoneminder-1.34.21/src/zm_packetqueue.h
Examining data/zoneminder-1.34.21/src/zm_poly.cpp
Examining data/zoneminder-1.34.21/src/zm_poly.h
Examining data/zoneminder-1.34.21/src/zm_regexp.cpp
Examining data/zoneminder-1.34.21/src/zm_regexp.h
Examining data/zoneminder-1.34.21/src/zm_remote_camera.cpp
Examining data/zoneminder-1.34.21/src/zm_remote_camera.h
Examining data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp
Examining data/zoneminder-1.34.21/src/zm_remote_camera_http.h
Examining data/zoneminder-1.34.21/src/zm_remote_camera_nvsocket.cpp
Examining data/zoneminder-1.34.21/src/zm_remote_camera_nvsocket.h
Examining data/zoneminder-1.34.21/src/zm_remote_camera_rtsp.cpp
Examining data/zoneminder-1.34.21/src/zm_remote_camera_rtsp.h
Examining data/zoneminder-1.34.21/src/zm_rgb.h
Examining data/zoneminder-1.34.21/src/zm_rtp.cpp
Examining data/zoneminder-1.34.21/src/zm_rtp.h
Examining data/zoneminder-1.34.21/src/zm_rtp_ctrl.cpp
Examining data/zoneminder-1.34.21/src/zm_rtp_ctrl.h
Examining data/zoneminder-1.34.21/src/zm_rtp_data.cpp
Examining data/zoneminder-1.34.21/src/zm_rtp_data.h
Examining data/zoneminder-1.34.21/src/zm_rtp_source.cpp
Examining data/zoneminder-1.34.21/src/zm_rtp_source.h
Examining data/zoneminder-1.34.21/src/zm_rtsp.cpp
Examining data/zoneminder-1.34.21/src/zm_rtsp.h
Examining data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp
Examining data/zoneminder-1.34.21/src/zm_rtsp_auth.h
Examining data/zoneminder-1.34.21/src/zm_sdp.cpp
Examining data/zoneminder-1.34.21/src/zm_sdp.h
Examining data/zoneminder-1.34.21/src/zm_sendfile.h
Examining data/zoneminder-1.34.21/src/zm_signal.cpp
Examining data/zoneminder-1.34.21/src/zm_signal.h
Examining data/zoneminder-1.34.21/src/zm_storage.cpp
Examining data/zoneminder-1.34.21/src/zm_storage.h
Examining data/zoneminder-1.34.21/src/zm_stream.cpp
Examining data/zoneminder-1.34.21/src/zm_stream.h
Examining data/zoneminder-1.34.21/src/zm_swscale.cpp
Examining data/zoneminder-1.34.21/src/zm_swscale.h
Examining data/zoneminder-1.34.21/src/zm_thread.cpp
Examining data/zoneminder-1.34.21/src/zm_thread.h
Examining data/zoneminder-1.34.21/src/zm_threaddata.cpp
Examining data/zoneminder-1.34.21/src/zm_time.cpp
Examining data/zoneminder-1.34.21/src/zm_time.h
Examining data/zoneminder-1.34.21/src/zm_timer.cpp
Examining data/zoneminder-1.34.21/src/zm_timer.h
Examining data/zoneminder-1.34.21/src/zm_user.cpp
Examining data/zoneminder-1.34.21/src/zm_user.h
Examining data/zoneminder-1.34.21/src/zm_utils.cpp
Examining data/zoneminder-1.34.21/src/zm_utils.h
Examining data/zoneminder-1.34.21/src/zm_video.cpp
Examining data/zoneminder-1.34.21/src/zm_video.h
Examining data/zoneminder-1.34.21/src/zm_videostore.cpp
Examining data/zoneminder-1.34.21/src/zm_videostore.h
Examining data/zoneminder-1.34.21/src/zm_zone.cpp
Examining data/zoneminder-1.34.21/src/zm_zone.h
Examining data/zoneminder-1.34.21/src/zma.cpp
Examining data/zoneminder-1.34.21/src/zmc.cpp
Examining data/zoneminder-1.34.21/src/zms.cpp
Examining data/zoneminder-1.34.21/src/zmu.cpp
FINAL RESULTS:
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:108:18: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define SNPRINTF snprintf
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/ow-crypt.h:26:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern char *crypt(__const char *key, __const char *setting);
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/ow-crypt.h:27:14: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern char *crypt_r(__const char *key, __const char *setting, void *data);
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:187:7: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt_r(const char *key, const char *setting, void *data)
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:194:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt(const char *key, const char *setting)
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:281:23: [4] (crypto) crypt_r:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
weak_alias(__crypt_r, crypt_r)
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:282:21: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
weak_alias(__crypt, crypt)
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:286:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
weak_alias(crypt, fcrypt)
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:449:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt(key, setting);
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:455:20: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (ok && strcmp(crypt(key, hash), hash)) {
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:463:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(o_buf, x);
data/zoneminder-1.34.21/src/libbcrypt/vs2017/test/main.cpp:20:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("pause");
data/zoneminder-1.34.21/src/zm_config.cpp:215:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, p_name);
data/zoneminder-1.34.21/src/zm_config.cpp:217:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, p_value);
data/zoneminder-1.34.21/src/zm_config.cpp:219:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type, p_type);
data/zoneminder-1.34.21/src/zm_config.cpp:229:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, item.name);
data/zoneminder-1.34.21/src/zm_config.cpp:231:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, item.value);
data/zoneminder-1.34.21/src/zm_config.cpp:233:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type, item.type);
data/zoneminder-1.34.21/src/zm_config.cpp:242:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, item.name);
data/zoneminder-1.34.21/src/zm_config.cpp:245:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, item.value);
data/zoneminder-1.34.21/src/zm_config.cpp:248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type, item.type);
data/zoneminder-1.34.21/src/zm_event.cpp:160:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id_file, sizeof(id_file), "%s/.%" PRIu64, date_path, id);
data/zoneminder-1.34.21/src/zm_event.cpp:172:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
path_ptr += snprintf(path_ptr, sizeof(path), "/%" PRIu64, id);
data/zoneminder-1.34.21/src/zm_event.cpp:178:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
path_ptr += snprintf(path_ptr, sizeof(path), "/%" PRIu64, id);
data/zoneminder-1.34.21/src/zm_event.cpp:185:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id_file, sizeof(id_file), "%s/.%" PRIu64, path, id);
data/zoneminder-1.34.21/src/zm_event.cpp:203:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(video_file, sizeof(video_file), staticConfig.video_file_format, path, video_name);
data/zoneminder-1.34.21/src/zm_event.cpp:280:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sql, sizeof(sql),
data/zoneminder-1.34.21/src/zm_event.cpp:469:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sql, sizeof(sql), "UPDATE `Events` SET `Notes` = '%s' WHERE `Id` = %" PRIu64, escapedNotes, id);
data/zoneminder-1.34.21/src/zm_event.cpp:499:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_file, sizeof(event_file), staticConfig.capture_file_format, path, frames);
data/zoneminder-1.34.21/src/zm_event.cpp:582:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sql, sizeof(sql),
data/zoneminder-1.34.21/src/zm_event.cpp:612:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_file, sizeof(event_file), staticConfig.capture_file_format, path, frames);
data/zoneminder-1.34.21/src/zm_event.cpp:642:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_file, sizeof(event_file), staticConfig.analyse_file_format, path, frames);
data/zoneminder-1.34.21/src/zm_event.cpp:671:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sql, sizeof(sql),
data/zoneminder-1.34.21/src/zm_eventstream.cpp:118:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sql, sizeof(sql),
data/zoneminder-1.34.21/src/zm_eventstream.cpp:203:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_data->path, sizeof(event_data->path),
data/zoneminder-1.34.21/src/zm_eventstream.cpp:209:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_data->path, sizeof(event_data->path),
data/zoneminder-1.34.21/src/zm_eventstream.cpp:217:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_data->path, sizeof(event_data->path), "%s/%ld/%" PRIu64,
data/zoneminder-1.34.21/src/zm_eventstream.cpp:220:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(event_data->path, sizeof(event_data->path), "%s/%s/%ld/%" PRIu64,
data/zoneminder-1.34.21/src/zm_eventstream.cpp:637:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:653:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:655:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(filepath), staticConfig.analyse_file_format, event_data->path, curr_frame_id);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:658:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(filepath), staticConfig.capture_file_format, event_data->path, curr_frame_id);
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:66:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logString, sizeof(logString)-1, fmt, vargs);
data/zoneminder-1.34.21/src/zm_fifo.cpp:91:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
dbg_ptr += vsnprintf(dbg_ptr, str_size-(dbg_ptr-dbg_string), fstring, arg_ptr);
data/zoneminder-1.34.21/src/zm_fifo.h:54:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
...) __attribute__((format(printf, 5, 6)));
data/zoneminder-1.34.21/src/zm_libvlc_camera.cpp:270:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(logString, sizeof(logString)-1, fmt, vargs);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fmt_desc[nIndex], (const char*)(fmtinfo.description));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1263:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(palette_desc,fmt_desc[nIndexUsed]);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1292:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "Error, failed to open video device %s: %s\n",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1302:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "Video Device: %s\n", queryDevice);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1304:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "d:%s|", queryDevice);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1312:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to query video capabilities %s: %s\n",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1321:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), " Driver: %s\n", vid_cap.driver);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1322:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), " Card: %s\n", vid_cap.card);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1323:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), " Bus: %s\n", vid_cap.bus_info);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1326:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), " Type: 0x%x\n%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1348:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "D:%s|", vid_cap.driver);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1349:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "C:%s|", vid_cap.card);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1350:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "B:%s|", vid_cap.bus_info);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1373:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to enumerate standard %d: %d %s\n", standard.index, errno, strerror(errno));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1380:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), " %s\n", standard.name);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1382:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "%s/", standard.name);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1406:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to enumerate format %d: %s\n", format.index, strerror(errno));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1413:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1491:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to enumerate input %d: %s\n", input.index, strerror(errno));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1515:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to enumerate input %d: %s\n", input.index, strerror(errno));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1524:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "Error, failed to switch to input %d: %s\n", input.index, strerror(errno));
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1532:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Name: %s\n", input.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1533:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Type: %s\n", input.type==V4L2_INPUT_TYPE_TUNER?"Tuner":(input.type==V4L2_INPUT_TYPE_CAMERA?"Camera":"Unknown") );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1537:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "i%d:%s|", input.index, input.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1538:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "i%dT:%s|", input.index, input.type==V4L2_INPUT_TYPE_TUNER?"Tuner":(input.type==V4L2_INPUT_TYPE_CAMERA?"Camera":"Unknown") );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1543:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_POWER, "Power ", "off", "on", " (X)" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1544:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_SIGNAL, "Signal ", "not detected", "detected", " (X)" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1545:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_COLOR, "Colour Signal ", "not detected", "detected", "" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1546:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_H_LOCK, "Horizontal Lock ", "not detected", "detected", "" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1565:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output, "Error, failed to get video capabilities %s: %s\n", queryDevice, strerror(errno) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1572:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Name: %s\n", vid_cap.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1573:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Type: %d\n%s%s%s%s%s%s%s%s%s%s%s%s%s%s", vid_cap.type,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1598:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "N:%s|", vid_cap.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1613:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output, "Error, failed to get window attributes: %s\n", strerror(errno) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1636:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output, "Error, failed to get picture attributes: %s\n", strerror(errno) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1643:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Palette: %d - %s\n", vid_pic.palette,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1686:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output, "Error, failed to get channel %d attributes: %s\n", chan, strerror(errno) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1693:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Name: %s\n", vid_src.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1695:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Flags: %d\n%s%s", vid_src.flags,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1699:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Type: %d - %s\n", vid_src.type,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1703:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Format: %d - %s\n", vid_src.norm,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1710:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "n%d:%s|", chan, vid_src.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1714:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "F%d:%d%s|", chan, vid_src.norm, chan==(vid_cap.channels-1)?"":"," );
data/zoneminder-1.34.21/src/zm_logger.cpp:528:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
logPtr += vsnprintf(logPtr, sizeof(logString)-(logPtr-logString), fstring, argPtr);
data/zoneminder-1.34.21/src/zm_monitor.cpp:391:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token_ptr, token_ptr+1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2790:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Name : %s\n", name );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2791:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Type : %s\n", camera->IsLocal()?"Local":(camera->IsRemote()?"Remote":"File") );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2794:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Device : %s\n", ((LocalCamera *)camera)->Device().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2800:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Protocol : %s\n", ((RemoteCamera *)camera)->Protocol().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2801:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Host : %s\n", ((RemoteCamera *)camera)->Host().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2802:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Port : %s\n", ((RemoteCamera *)camera)->Port().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2803:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Path : %s\n", ((RemoteCamera *)camera)->Path().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2805:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Path : %s\n", ((FileCamera *)camera)->Path() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2809:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), "Path : %s\n", ((FfmpegCamera *)camera)->Path().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2821:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "Event Prefix : %s\n", event_prefix );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2822:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "Label Format : %s\n", label_format );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2838:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output+strlen(output), "Function: %d - %s\n", function,
data/zoneminder-1.34.21/src/zm_mpeg.cpp:464:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( codec_and_format, format );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:747:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( status_mesg, start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:788:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( connection_type, start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:808:44: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
content_boundary_len = sprintf( content_boundary, "--%s", start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:814:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( content_type, start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:948:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( content_type, start_ptr );
data/zoneminder-1.34.21/src/zm_rtsp.cpp:476:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( lines[i].c_str(), "Transport: %s", transport );
data/zoneminder-1.34.21/src/zm_sdp.cpp:437:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pvalue, mediaDesc->getSprops().c_str());
data/zoneminder-1.34.21/src/zm_user.cpp:84:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system = u.system;
data/zoneminder-1.34.21/src/zm_user.h:42:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Permission system;
data/zoneminder-1.34.21/src/zm_user.h:63:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Permission getSystem() const { return system; }
data/zoneminder-1.34.21/src/zm_utils.cpp:73:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tempBuffer, sizeof(tempBuffer), format , ap);
data/zoneminder-1.34.21/src/zm_utils.cpp:87:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tempBuffer, sizeof(tempBuffer), format.c_str(), ap);
data/zoneminder-1.34.21/src/zm_zone.cpp:56:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( label, p_label );
data/zoneminder-1.34.21/src/zm_zone.cpp:116:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(diag_path, sizeof(diag_path), config.record_diag_images_fifo ? "%s/diagpipe-%d-poly.jpg" : "%s/diag-%d-poly.jpg", monitor->getStorage()->Path(), id);
data/zoneminder-1.34.21/src/zm_zone.cpp:763:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, poly_string);
data/zoneminder-1.34.21/src/zm_zone.cpp:826:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, zone_string);
data/zoneminder-1.34.21/src/zm_zone.cpp:955:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Label : %s\n", label );
data/zoneminder-1.34.21/src/zm_zone.cpp:956:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Type: %d - %s\n", type,
data/zoneminder-1.34.21/src/zm_zone.cpp:969:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output+strlen(output), " Check Method: %d - %s\n", check_method,
data/zoneminder-1.34.21/src/zms.cpp:182:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(log_id_string, sizeof(log_id_string), "zms_e%" PRIu64, event_id);
data/zoneminder-1.34.21/src/zmu.cpp:207:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access(ZM_CONFIG, R_OK) != 0 ) {
data/zoneminder-1.34.21/src/zmu.cpp:545:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%" PRIu64, monitor->GetLastEventId());
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:1155:8: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
is.setstate(std::ios::failbit);
data/zoneminder-1.34.21/src/zm_logger.cpp:176:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (envPtr = getenv("LOG_PRINT")) )
data/zoneminder-1.34.21/src/zm_logger.cpp:224:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (envPtr = getenv("LOG_FLUSH")) ) {
data/zoneminder-1.34.21/src/zm_logger.cpp:271:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *envPtr = getenv(name.c_str());
data/zoneminder-1.34.21/src/zm_logger.cpp:276:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *envPtr = getenv(name.c_str());
data/zoneminder-1.34.21/src/zm_logger.cpp:281:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *envPtr = getenv(name.c_str());
data/zoneminder-1.34.21/src/zm_logger.cpp:289:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envPtr = getenv(envName.c_str());
data/zoneminder-1.34.21/src/zm_logger.cpp:292:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envPtr = getenv(envName.c_str());
data/zoneminder-1.34.21/src/zm_logger.cpp:295:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envPtr = getenv(name.c_str());
data/zoneminder-1.34.21/src/zm_user.cpp:156:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
remote_addr = std::string(getenv("REMOTE_ADDR"));
data/zoneminder-1.34.21/src/zm_user.cpp:229:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
remote_addr = getenv("REMOTE_ADDR");
data/zoneminder-1.34.21/src/zma.cpp:73:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid() * time(0));
data/zoneminder-1.34.21/src/zma.cpp:87:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "m:h:v", long_options, &option_index);
data/zoneminder-1.34.21/src/zmc.cpp:93:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid() * time(0));
data/zoneminder-1.34.21/src/zmc.cpp:119:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "d:H:P:p:f:m:h:v", long_options, &option_index);
data/zoneminder-1.34.21/src/zms.cpp:56:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid() * time(0));
data/zoneminder-1.34.21/src/zms.cpp:93:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *query = getenv("QUERY_STRING");
data/zoneminder-1.34.21/src/zmu.cpp:214:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(getpid() * time(0));
data/zoneminder-1.34.21/src/zmu.cpp:278:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "d:m:vsEDLurwei::S:t::fz::ancqhlB::C::H::O::U:P:A:V:T:", long_options, &option_index);
data/zoneminder-1.34.21/src/jinclude.h:62:32: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size) bcopy((const void *)(src), (void *)(dest), (size_t)(size))
data/zoneminder-1.34.21/src/jinclude.h:68:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size) memcpy((void *)(dest), (const void *)(src), (size_t)(size))
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("-9223372036854775808")];
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:541:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:1075:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/BCrypt.hpp:15:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/BCrypt.hpp:16:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:33:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_gensalt(int workfactor, char salt[BCRYPT_HASHSIZE]);
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:48:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE],
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:48:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE],
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[BCRYPT_HASHSIZE]);
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:60:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]);
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/bcrypt.h:60:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]);
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/winbcrypt.h:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/include/bcrypt/winbcrypt.h:13:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:112:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_gensalt(int factor, char salt[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[RANDBYTES];
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:138:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:159:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], char hash[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:159:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], char hash[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:159:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_hashpw(const char *passwd, const char salt[BCRYPT_HASHSIZE], char hash[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:166:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:166:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE])
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outhash[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[BCRYPT_HASHSIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:368:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char BF_itoa64[64 + 1] =
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:371:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char BF_atoi64[0x60] = {
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:649:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char flags_by_subtype[26] =
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:772:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, setting, 7 + 22 - 1);
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:825:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const test_hashes[2] =
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:833:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[7 + 22 + 1];
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_blowfish.c:834:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char o[7 + 22 + 31 + 1 + 1 + 1];
data/zoneminder-1.34.21/src/libbcrypt/src/crypt_gensalt.c:35:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char _crypt_itoa64[64 + 1] =
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:196:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[CRYPT_OUTPUT_SIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[CRYPT_GENSALT_OUTPUT_SIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:272:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[CRYPT_GENSALT_OUTPUT_SIZE];
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_buf[30], o_buf[61];
data/zoneminder-1.34.21/src/zm_buffer.cpp:35:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mStorage, pStorage, mSize );
data/zoneminder-1.34.21/src/zm_buffer.cpp:62:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( newStorage, mHead, mSize );
data/zoneminder-1.34.21/src/zm_buffer.h:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mStorage, pStorage, mSize );
data/zoneminder-1.34.21/src/zm_buffer.h:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mStorage, buffer.mHead, mSize );
data/zoneminder-1.34.21/src/zm_buffer.h:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mTail, pStorage, pSize );
data/zoneminder-1.34.21/src/zm_buffer.h:136:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mStorage, mHead, mSize );
data/zoneminder-1.34.21/src/zm_comms.cpp:83:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Pipe::open()
data/zoneminder-1.34.21/src/zm_comms.cpp:524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/zoneminder-1.34.21/src/zm_comms.cpp:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[8];
data/zoneminder-1.34.21/src/zm_comms.cpp:603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/zoneminder-1.34.21/src/zm_comms.cpp:665:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[8];
data/zoneminder-1.34.21/src/zm_comms.cpp:673:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[8];
data/zoneminder-1.34.21/src/zm_comms.h:116:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open();
data/zoneminder-1.34.21/src/zm_comms.h:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[msg.capacity()];
data/zoneminder-1.34.21/src/zm_comms.h:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxLen];
data/zoneminder-1.34.21/src/zm_config.cpp:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configFile[PATH_MAX] = ZM_CONFIG;
data/zoneminder-1.34.21/src/zm_config.cpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char glob_pattern[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_config.cpp:81:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
staticConfig.SERVER_ID = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zm_config.cpp:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/zoneminder-1.34.21/src/zm_config.cpp:114:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (cfg = fopen(configFile, "r")) == NULL ) {
data/zoneminder-1.34.21/src/zm_config.cpp:183:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
staticConfig.SERVER_ID = atoi(val_ptr);
data/zoneminder-1.34.21/src/zm_config.cpp:345:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_crypt.cpp:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest_interim[SHA_DIGEST_LENGTH];
data/zoneminder-1.34.21/src/zm_crypt.cpp:148:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest_final[SHA_DIGEST_LENGTH];
data/zoneminder-1.34.21/src/zm_crypt.cpp:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final_hash[SHA_DIGEST_LENGTH * 2 +2];
data/zoneminder-1.34.21/src/zm_crypt.cpp:176:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&final_hash[i*2]+1, "%02X", (unsigned int)digest_final[i]);
data/zoneminder-1.34.21/src/zm_curl_camera.cpp:225:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame_content_length = atoi(subheader_data.c_str());
data/zoneminder-1.34.21/src/zm_db.cpp:67:124: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( !mysql_real_connect( &dbconn, dbHost.c_str(), staticConfig.DB_USER.c_str(), staticConfig.DB_PASS.c_str(), NULL, atoi(dbPortOrSocket.c_str()), NULL, 0 ) ) {
data/zoneminder-1.34.21/src/zm_event.cpp:85:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
state_id = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zm_event.cpp:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.cpp:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_path[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_event.cpp:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_path[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_event.cpp:186:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( FILE *id_fp = fopen(id_file, "w") )
data/zoneminder-1.34.21/src/zm_event.cpp:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_LGE_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:418:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_LGE_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:422:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notesStr[ZM_SQL_MED_BUFSIZ] = "";
data/zoneminder-1.34.21/src/zm_event.cpp:465:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char escapedNotes[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:486:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_LGE_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:498:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char event_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.cpp:549:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_LGE_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.cpp:611:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char event_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.cpp:641:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char event_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.cpp:660:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_event.h:67:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * frame_type_names[3];
data/zoneminder-1.34.21/src/zm_event.h:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snapshot_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alarm_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char video_name[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char video_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timecodes_name[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timecodes_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_event.h:139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subpath[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_eventstream.cpp:45:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:116:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:149:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->monitor_id = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:150:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->storage_id = dbrow[1] ? atoi(dbrow[1]) : 0;
data/zoneminder-1.34.21/src/zm_eventstream.cpp:151:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->frame_count = dbrow[2] == NULL ? 0 : atoi(dbrow[2]);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:152:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->start_time = atoi(dbrow[3]);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:163:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->SaveJPEGs = dbrow[7] == NULL ? 0 : atoi(dbrow[7]);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:164:75: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_data->Orientation = (Monitor::Orientation)(dbrow[8] == NULL ? 0 : atoi(dbrow[8]));
data/zoneminder-1.34.21/src/zm_eventstream.cpp:250:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&status_msg.msg_data, &status_data, sizeof(status_data));
data/zoneminder-1.34.21/src/zm_eventstream.cpp:564:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:635:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filepath[PATH_MAX];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:646:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filepath[PATH_MAX];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:686:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char temp_img_buffer[ZM_MAX_IMAGE_SIZE];
data/zoneminder-1.34.21/src/zm_eventstream.cpp:699:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdj = fopen(filepath, "rb");
data/zoneminder-1.34.21/src/zm_eventstream.cpp:921:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char frame_text[64];
data/zoneminder-1.34.21/src/zm_eventstream.h:60:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/zoneminder-1.34.21/src/zm_eventstream.h:63:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char video_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logString[8192];
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->data, src->data, src->size);
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:621:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[10240];
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[10240];
data/zoneminder-1.34.21/src/zm_ffmpeg.h:252:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[AV_ERROR_MAX_STRING_SIZE];
data/zoneminder-1.34.21/src/zm_ffmpeg_camera.cpp:856:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !videoStore->open() ) {
data/zoneminder-1.34.21/src/zm_fifo.cpp:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zm_fifodbg_log[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_fifo.cpp:42:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(zm_fifodbg_log, O_WRONLY|O_NONBLOCK|O_TRUNC);
data/zoneminder-1.34.21/src/zm_fifo.cpp:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbg_string[8192];
data/zoneminder-1.34.21/src/zm_fifo.cpp:105:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[RAW_BUFFER];
data/zoneminder-1.34.21/src/zm_fifo.cpp:106:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(stream_path, O_RDONLY);
data/zoneminder-1.34.21/src/zm_fifo.cpp:145:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
data/zoneminder-1.34.21/src/zm_fifo.cpp:161:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[ZM_MAX_IMAGE_SIZE];
data/zoneminder-1.34.21/src/zm_fifo.cpp:162:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(stream_path, O_RDONLY);
data/zoneminder-1.34.21/src/zm_fifo.cpp:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_path[PATH_MAX];
data/zoneminder-1.34.21/src/zm_fifo.cpp:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_fifo.cpp:239:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_lock = open(lock_file, O_RDONLY);
data/zoneminder-1.34.21/src/zm_file_camera.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/zoneminder-1.34.21/src/zm_group.cpp:32:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "Default");
data/zoneminder-1.34.21/src/zm_group.cpp:38:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_group.cpp:39:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parent_id = dbrow[index] ? atoi(dbrow[index]): 0; index++;
data/zoneminder-1.34.21/src/zm_group.cpp:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_group.cpp:56:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_group.cpp:57:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parent_id = dbrow[index] ? atoi(dbrow[index]): 0; index++;
data/zoneminder-1.34.21/src/zm_group.cpp:64:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "Default");
data/zoneminder-1.34.21/src/zm_group.h:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64+1];
data/zoneminder-1.34.21/src/zm_image.cpp:473:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
fptr_imgbufcpy = &memcpy;
data/zoneminder-1.34.21/src/zm_image.cpp:477:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
fptr_imgbufcpy = &memcpy;
data/zoneminder-1.34.21/src/zm_image.cpp:814:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (infile = fopen(filename, "rb")) == NULL ) {
data/zoneminder-1.34.21/src/zm_image.cpp:845:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outfile = fopen(filename, "wb")) == NULL ) {
data/zoneminder-1.34.21/src/zm_image.cpp:874:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (infile = fopen(filename, "rb")) == NULL ) {
data/zoneminder-1.34.21/src/zm_image.cpp:1041:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outfile = fopen(filename, "wb")) == NULL ) {
data/zoneminder-1.34.21/src/zm_image.cpp:1046:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
raw_fd = open(filename, O_WRONLY|O_NONBLOCK|O_CREAT|O_TRUNC,S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
data/zoneminder-1.34.21/src/zm_image.cpp:1133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[64], msbuf[64];
data/zoneminder-1.34.21/src/zm_image.cpp:1136:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char exiftimes[82] = {
data/zoneminder-1.34.21/src/zm_image.cpp:1143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&exiftimes[EXIFTIMES_OFFSET], timebuf,EXIFTIMES_LEN);
data/zoneminder-1.34.21/src/zm_image.cpp:1144:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&exiftimes[EXIFTIMES_MS_OFFSET], msbuf, EXIFTIMES_MS_LEN);
data/zoneminder-1.34.21/src/zm_image.cpp:1421:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pnbuf, pbuf, new_stride );
data/zoneminder-1.34.21/src/zm_image.cpp:2090:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_text[64];
data/zoneminder-1.34.21/src/zm_image.cpp:2094:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[132];
data/zoneminder-1.34.21/src/zm_image.cpp:2714:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d_ptr, s_ptr, line_bytes);
data/zoneminder-1.34.21/src/zm_image.cpp:2766:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pd, pd-nwc, nwc );
data/zoneminder-1.34.21/src/zm_image.h:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/zoneminder-1.34.21/src/zm_jpeg.cpp:42:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[JMSG_LENGTH_MAX];
data/zoneminder-1.34.21/src/zm_jpeg.cpp:58:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[JMSG_LENGTH_MAX];
data/zoneminder-1.34.21/src/zm_jpeg.cpp:148:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest->outbuffer+*(dest->outbuffer_size), dest->buffer, OUTPUT_BUF_SIZE );
data/zoneminder-1.34.21/src/zm_jpeg.cpp:173:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest->outbuffer+*(dest->outbuffer_size), dest->buffer, datacount );
data/zoneminder-1.34.21/src/zm_jpeg.cpp:283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( src->buffer, src->inbuffer, (size_t) src->inbuffer_size );
data/zoneminder-1.34.21/src/zm_libvlc_camera.cpp:179:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mOptArgV[i] = (char *)opVect[i].c_str();
data/zoneminder-1.34.21/src/zm_libvlc_camera.cpp:269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logString[8192];
data/zoneminder-1.34.21/src/zm_local_camera.cpp:253:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char palette_desc[32];
data/zoneminder-1.34.21/src/zm_local_camera.cpp:713:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (vid_fd = open(device.c_str(), O_RDWR, 0)) < 0 )
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_desc[64][32];
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1193:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (enum_fd = open(device.c_str(), O_RDWR, 0)) < 0 ) {
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char queryDevice[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1286:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(queryDevice, "/dev/video%d", devIndex);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1288:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (vid_fd = open(queryDevice, O_RDWR)) <= 0 ) {
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1295:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1315:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1320:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "General Capabilities\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1324:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Version: %u.%u.%u\n",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1351:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "V:%u.%u.%u|", (vid_cap.version>>16)&0xff, (vid_cap.version>>8)&0xff, vid_cap.version&0xff);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1352:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "T:0x%x|", vid_cap.capabilities);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1356:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Standards:\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1358:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "S:");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1375:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1389:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Formats:\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1391:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "F:");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1408:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1422:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1433:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Crop Capabilities\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1445:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Cropping is not supported\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1448:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "B:%dx%d|",0,0);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1462:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Cropping is not supported\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1465:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "B:%dx%d|",0,0);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1470:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Bounds: %d x %d\n", cropcap.bounds.width, cropcap.bounds.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1471:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Default: %d x %d\n", cropcap.defrect.width, cropcap.defrect.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1472:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), " Current: %d x %d\n", crop.c.width, crop.c.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1474:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "B:%dx%d|", cropcap.bounds.width, cropcap.bounds.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1493:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1499:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Inputs: %d\n", inputIndex);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1501:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "I:%d|", inputIndex);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1517:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1526:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1531:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Input %d\n", input.index );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1534:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Audioset: %08x\n", input.audioset );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1535:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Standards: 0x%llx\n", input.std );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1539:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "i%dS:%llx|", input.index, input.std );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1548:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "i%dSP:%d|", input.index, (input.status&V4L2_IN_ST_NO_POWER)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1549:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "i%dSS:%d|", input.index, (input.status&V4L2_IN_ST_NO_SIGNAL)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1550:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "i%dSC:%d|", input.index, (input.status&V4L2_IN_ST_NO_COLOR)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1551:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "i%dHP:%d|", input.index, (input.status&V4L2_IN_ST_NO_H_LOCK)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1567:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output, "error%d\n", errno );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1571:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Video Capabilities\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1589:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Video Channels: %d\n", vid_cap.channels );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1590:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Audio Channels: %d\n", vid_cap.audios );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1591:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Maximum Width: %d\n", vid_cap.maxwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1592:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Maximum Height: %d\n", vid_cap.maxheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1593:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Minimum Width: %d\n", vid_cap.minwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1594:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Minimum Height: %d\n", vid_cap.minheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1599:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "T:%d|", vid_cap.type );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1600:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "nC:%d|", vid_cap.channels );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1601:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "nA:%d|", vid_cap.audios );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1602:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "mxW:%d|", vid_cap.maxwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1603:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "mxH:%d|", vid_cap.maxheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1604:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "mnW:%d|", vid_cap.minwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1605:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "mnH:%d|", vid_cap.minheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1615:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output, "error%d\n", errno );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1619:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Window Attributes\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1620:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " X Offset: %d\n", vid_win.x );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1621:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Y Offset: %d\n", vid_win.y );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1622:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Width: %d\n", vid_win.width );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1623:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Height: %d\n", vid_win.height );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1625:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "X:%d|", vid_win.x );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1626:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Y:%d|", vid_win.y );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1627:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "W:%d|", vid_win.width );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1628:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "H:%d|", vid_win.height );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1638:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output, "error%d\n", errno );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1642:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Picture Attributes\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1663:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Colour Depth: %d\n", vid_pic.depth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1664:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Brightness: %d\n", vid_pic.brightness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1665:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Hue: %d\n", vid_pic.hue );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1666:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Colour :%d\n", vid_pic.colour );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1667:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Contrast: %d\n", vid_pic.contrast );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1668:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Whiteness: %d\n", vid_pic.whiteness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1670:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "P:%d|", vid_pic.palette );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1671:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "D:%d|", vid_pic.depth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1672:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "B:%d|", vid_pic.brightness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1673:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "h:%d|", vid_pic.hue );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1674:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Cl:%d|", vid_pic.colour );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1675:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Cn:%d|", vid_pic.contrast );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1676:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "w:%d|", vid_pic.whiteness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1688:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output, "error%d\n", errno );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1692:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Channel %d Attributes\n", chan );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1694:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Channel: %d\n", vid_src.channel );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1711:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "C%d:%d|", chan, vid_src.channel );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1712:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Fl%d:%x|", chan, vid_src.flags );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1713:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "T%d:%d|", chan, vid_src.type );
data/zoneminder-1.34.21/src/zm_logger.cpp:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4] = "";
data/zoneminder-1.34.21/src/zm_logger.cpp:177:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempTerminalLevel = atoi(envPtr) ? DEBUG9 : NOLOG;
data/zoneminder-1.34.21/src/zm_logger.cpp:180:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempLevel = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:183:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempTerminalLevel = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:185:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempDatabaseLevel = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:187:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempFileLevel = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:189:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempSyslogLevel = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:225:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mFlush = atoi(envPtr);
data/zoneminder-1.34.21/src/zm_logger.cpp:272:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return envPtr ? atoi(envPtr) : defaultValue;
data/zoneminder-1.34.21/src/zm_logger.cpp:277:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return envPtr ? atoi(envPtr) : defaultValue;
data/zoneminder-1.34.21/src/zm_logger.cpp:416:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mLogFileFP = fopen(mLogFile.c_str(), "a")) == (FILE *)NULL ) {
data/zoneminder-1.34.21/src/zm_logger.cpp:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeString[64];
data/zoneminder-1.34.21/src/zm_logger.cpp:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logString[8192];
data/zoneminder-1.34.21/src/zm_logger.cpp:559:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_logger.cpp:560:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escapedString[(strlen(syslogStart)*2)+1];
data/zoneminder-1.34.21/src/zm_monitor.cpp:141:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
map_fd = open( mem_file, O_RDWR, (mode_t)0600 );
data/zoneminder-1.34.21/src/zm_monitor.cpp:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monitor_dir[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_monitor.cpp:558:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
map_fd = open(mem_file, O_RDWR|O_CREAT, (mode_t)0600);
data/zoneminder-1.34.21/src/zm_monitor.cpp:748:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mmap_path[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_monitor.cpp:831:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitor.cpp:980:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:991:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1202:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1210:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1211:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char new_filename[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1307:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1788:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pre_event_buffer[pre_index].timestamp, snap->timestamp, sizeof(struct timeval));
data/zoneminder-1.34.21/src/zm_monitor.cpp:1804:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1819:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
function = (Function)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1820:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enabled = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1836:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
label_coord = Coord( atoi(dbrow[index]), atoi(dbrow[index+1]) ); index += 2;
data/zoneminder-1.34.21/src/zm_monitor.cpp:1836:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
label_coord = Coord( atoi(dbrow[index]), atoi(dbrow[index+1]) ); index += 2;
data/zoneminder-1.34.21/src/zm_monitor.cpp:1837:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
label_size = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1838:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
warmup_count = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1839:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pre_event_count = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1840:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
post_event_count = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1841:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alarm_frame_count = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1842:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
section_length = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1843:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_section_length = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1844:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame_skip = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1845:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motion_frame_skip = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1853:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fps_report_interval = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1854:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ref_blend_perc = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1855:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alarm_ref_blend_perc = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1856:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
track_motion = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1858:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
signal_check_points = dbrow[index]?atoi(dbrow[index]):0; index++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:1900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_id_str[8];
data/zoneminder-1.34.21/src/zm_monitor.cpp:1915:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int link_id = atoi(link_id_str);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1944:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:2071:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2073:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int server_id = dbrow[col] ? atoi(dbrow[col]) : 0; col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2074:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int storage_id = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2076:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Function function = (Function)atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2077:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int enabled = dbrow[col] ? atoi(dbrow[col]) : 0; col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2088:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int channel = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2089:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int format = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2102:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v4l_captures_per_frame = atoi(dbrow[col]);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2117:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int width = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2118:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int height = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2119:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int colours = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2120:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int palette = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2121:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Orientation orientation = (Orientation)atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2122:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int deinterlacing = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2128:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int savejpegs = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2129:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
VideoWriter videowriter = (VideoWriter)atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2133:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int brightness = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2134:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int contrast = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2135:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int hue = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2136:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int colour = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2140:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Coord label_coord = Coord( atoi(dbrow[col]), atoi(dbrow[col+1]) ); col += 2;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2140:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Coord label_coord = Coord( atoi(dbrow[col]), atoi(dbrow[col+1]) ); col += 2;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2141:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int label_size = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2143:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int image_buffer_count = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2144:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int warmup_count = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2145:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pre_event_count = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2146:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int post_event_count = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2147:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int stream_replay_buffer = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2148:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int alarm_frame_count = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2149:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int section_length = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2150:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int min_section_length = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2151:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int frame_skip = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2152:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int motion_frame_skip = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2153:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fps_report_interval = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2154:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ref_blend_perc = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2155:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int alarm_ref_blend_perc = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2156:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int track_motion = atoi(dbrow[col]); col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2158:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int signal_check_points = dbrow[col] ? atoi(dbrow[col]) : 0;col++;
data/zoneminder-1.34.21/src/zm_monitor.cpp:2538:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_monitor.cpp:2579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_time_text[256];
data/zoneminder-1.34.21/src/zm_monitor.cpp:2582:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_text[1024];
data/zoneminder-1.34.21/src/zm_monitor.cpp:2789:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Id : %d\n", id );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2795:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Channel : %d\n", ((LocalCamera *)camera)->Channel() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2796:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Standard : %d\n", ((LocalCamera *)camera)->Standard() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Width : %d\n", camera->Width() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2813:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Height : %d\n", camera->Height() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2816:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), "Palette : %d\n", ((LocalCamera *)camera)->Palette() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2819:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Colours : %d\n", camera->Colours() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2820:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Subpixel Order : %d\n", camera->SubpixelOrder() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2823:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Label Coord : %d,%d\n", label_coord.X(), label_coord.Y() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2824:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Label Size : %d\n", label_size );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2825:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Image Buffer Count : %d\n", image_buffer_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2826:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Warmup Count : %d\n", warmup_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2827:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Pre Event Count : %d\n", pre_event_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2828:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Post Event Count : %d\n", post_event_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2829:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Stream Replay Buffer : %d\n", stream_replay_buffer );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2830:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Alarm Frame Count : %d\n", alarm_frame_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2831:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Section Length : %d\n", section_length);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Min Section Length : %d\n", min_section_length);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2833:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Maximum FPS : %.2f\n", capture_delay?(double)DT_PREC_3/capture_delay:0.0);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2834:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Alarm Maximum FPS : %.2f\n", alarm_capture_delay?(double)DT_PREC_3/alarm_capture_delay:0.0);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2835:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Reference Blend %%ge : %d\n", ref_blend_perc);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2836:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Alarm Reference Blend %%ge : %d\n", alarm_ref_blend_perc);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2837:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Track Motion : %d\n", track_motion);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2846:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output+strlen(output), "Zones : %d\n", n_zones );
data/zoneminder-1.34.21/src/zm_monitor.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alarm_cause[256];
data/zoneminder-1.34.21/src/zm_monitor.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trigger_cause[32];
data/zoneminder-1.34.21/src/zm_monitor.h:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trigger_text[256];
data/zoneminder-1.34.21/src/zm_monitor.h:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trigger_showtext[256];
data/zoneminder-1.34.21/src/zm_monitor.h:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_file[4096];
data/zoneminder-1.34.21/src/zm_monitor.h:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/zoneminder-1.34.21/src/zm_monitor.h:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitor.h:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/zoneminder-1.34.21/src/zm_monitor.h:266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_prefix[64]; // The prefix applied to event names as they are created
data/zoneminder-1.34.21/src/zm_monitor.h:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_format[64]; // The format of the timestamp on the images
data/zoneminder-1.34.21/src/zm_monitor.h:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem_file[PATH_MAX];
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&status_msg.msg_data, &status_data, sizeof(status_data));
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:316:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char img_buffer[ZM_MAX_IMAGE_SIZE];
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:319:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdj = fopen(filepath, "r")) ) {
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:381:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char temp_img_buffer[ZM_MAX_IMAGE_SIZE];
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:740:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(temp_image_buffer[temp_index].timestamp), monitor->image_buffer[index].timestamp, sizeof(temp_image_buffer[0].timestamp));
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:803:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char glob_pattern[PATH_MAX] = "";
data/zoneminder-1.34.21/src/zm_monitorstream.h:34:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[PATH_MAX];
data/zoneminder-1.34.21/src/zm_mpeg.cpp:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_copy, buffer, buffer_size);
data/zoneminder-1.34.21/src/zm_mpeg.cpp:611:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmp_opicture->data[0], buffer, buffer_size );
data/zoneminder-1.34.21/src/zm_mpeg.cpp:623:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( opicture->data[0], buffer, buffer_size );
data/zoneminder-1.34.21/src/zm_regexp.cpp:46:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
match_buffers = new char *[max_matches];
data/zoneminder-1.34.21/src/zm_regexp.cpp:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( match_buffers[match_index], match_string+match_vectors[2*match_index], match_len );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:155:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct in6_addr)];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:336:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status_code = atoi( status_expr->MatchString( 2 ) );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:376:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_length = atoi( content_length_expr->MatchString( 1 ) );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:449:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subheader_pattern[256] = "";
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:463:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_length = atoi( subcontent_length_expr->MatchString( 1 ) );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:551:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_pattern[256] = "";
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:621:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subcontent_length_header[33];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:622:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subcontent_type_header[65];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:624:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char http_version[16];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:625:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_code[16];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:626:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_mesg[256];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:627:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char connection_type[32];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:629:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char content_type[32];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:630:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char content_boundary[64];
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:743:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int status = atoi( status_code );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:793:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_length = atoi( start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:942:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_length = atoi( start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_nvsocket.cpp:97:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int port_num = atoi(port.c_str());
data/zoneminder-1.34.21/src/zm_remote_camera_rtsp.h:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldDirectory[4096];
data/zoneminder-1.34.21/src/zm_rtp_ctrl.cpp:196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rtcpPacket->body.sdes.item[0].data, cname.data(), cname.size() );
data/zoneminder-1.34.21/src/zm_rtp_ctrl.cpp:273:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ZM_NETWORK_BUFSIZ];
data/zoneminder-1.34.21/src/zm_rtp_data.cpp:85:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ZM_NETWORK_BUFSIZ];
data/zoneminder-1.34.21/src/zm_rtp_source.cpp:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256] = "";
data/zoneminder-1.34.21/src/zm_rtsp.cpp:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char respText[ZM_NETWORK_BUFSIZ];
data/zoneminder-1.34.21/src/zm_rtsp.cpp:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_rtsp.cpp:112:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zm_rtsp.cpp:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char respText[256];
data/zoneminder-1.34.21/src/zm_rtsp.cpp:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char publicLine[256] = "";
data/zoneminder-1.34.21/src/zm_rtsp.cpp:467:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport[256] = "";
data/zoneminder-1.34.21/src/zm_rtsp.cpp:663:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tempBuffer[ZM_NETWORK_BUFSIZ];
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5buf[md5len];
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5HexBuf[md5len*2+1];
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:151:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&md5HexBuf[2*j], "%02x", md5buf[j] );
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:166:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] );
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:187:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &md5HexBuf[2*j], "%02x", md5buf[j] );
data/zoneminder-1.34.21/src/zm_sdp.cpp:122:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mTtl = atoi(addressTokens[1].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:124:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mNoAddresses = atoi(addressTokens[2].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:136:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mValue = atoi(tokens[1].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:222:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int payloadType = atoi(attrTokens[0].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:230:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int payloadClock = atoi(payloadTokens[1].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:239:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int payloadType = atoi(attrTokens[0].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:245:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int width = atoi(sizeTokens[0].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:246:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int height = atoi(sizeTokens[1].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:259:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int payloadType = atoi(attrTokens[0].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:273:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c = (char *)attr2Tokens[i].c_str() + t + 1;
data/zoneminder-1.34.21/src/zm_sdp.cpp:302:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mediaPort = atoi(portTokens[0].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:305:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mediaNumPorts = atoi(portTokens[1].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:309:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int payloadType = atoi(tokens[3].c_str());
data/zoneminder-1.34.21/src/zm_sdp.cpp:435:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvalue[1024], *value = pvalue;
data/zoneminder-1.34.21/src/zm_sdp.cpp:440:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base64packet[1024];
data/zoneminder-1.34.21/src/zm_sdp.cpp:469:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, codec_context->extradata, codec_context->extradata_size);
data/zoneminder-1.34.21/src/zm_sdp.cpp:473:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest+codec_context->extradata_size, start_sequence, sizeof(start_sequence));
data/zoneminder-1.34.21/src/zm_sdp.cpp:474:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest+codec_context->extradata_size+sizeof(start_sequence), decoded_packet, packet_size);
data/zoneminder-1.34.21/src/zm_sdp.h:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char payloadName[6];
data/zoneminder-1.34.21/src/zm_sdp.h:52:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char payloadName[32];
data/zoneminder-1.34.21/src/zm_signal.cpp:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024] = "addr2line -e ";
data/zoneminder-1.34.21/src/zm_storage.cpp:32:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "Default");
data/zoneminder-1.34.21/src/zm_storage.cpp:45:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi( dbrow[index++] );
data/zoneminder-1.34.21/src/zm_storage.cpp:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zm_storage.cpp:72:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_storage.cpp:95:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "Default");
data/zoneminder-1.34.21/src/zm_storage.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64+1];
data/zoneminder-1.34.21/src/zm_storage.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64+1];
data/zoneminder-1.34.21/src/zm_stream.cpp:255:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[ZM_MAX_IMAGE_SIZE];
data/zoneminder-1.34.21/src/zm_stream.cpp:307:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lock_fd = open(sock_path_lock, O_CREAT|O_WRONLY, S_IRUSR | S_IWUSR);
data/zoneminder-1.34.21/src/zm_stream.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_data[16];
data/zoneminder-1.34.21/src/zm_stream.h:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_data[256];
data/zoneminder-1.34.21/src/zm_stream.h:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_sock_path[108];
data/zoneminder-1.34.21/src/zm_stream.h:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rem_sock_path[108];
data/zoneminder-1.34.21/src/zm_stream.h:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sock_path_lock[108];
data/zoneminder-1.34.21/src/zm_user.cpp:53:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:56:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enabled = static_cast<bool>(atoi(dbrow[index++]));
data/zoneminder-1.34.21/src/zm_user.cpp:57:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream = (Permission)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:58:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
events = (Permission)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:59:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
control = (Permission)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:60:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
monitors = (Permission)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:61:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
system = (Permission)atoi(dbrow[index++]);
data/zoneminder-1.34.21/src/zm_user.cpp:66:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
monitor_ids.push_back(atoi((*i).c_str()));
data/zoneminder-1.34.21/src/zm_user.cpp:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_MED_BUFSIZ] = "";
data/zoneminder-1.34.21/src/zm_user.cpp:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_MED_BUFSIZ] = "";
data/zoneminder-1.34.21/src/zm_user.cpp:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[ZM_SQL_SML_BUFSIZ] = "";
data/zoneminder-1.34.21/src/zm_user.cpp:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[512] = "";
data/zoneminder-1.34.21/src/zm_user.cpp:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_md5[32+1] = "";
data/zoneminder-1.34.21/src/zm_user.cpp:271:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[md5len];
data/zoneminder-1.34.21/src/zm_user.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[32+1];
data/zoneminder-1.34.21/src/zm_user.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[64+1];
data/zoneminder-1.34.21/src/zm_utils.cpp:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuffer[8192];
data/zoneminder-1.34.21/src/zm_utils.cpp:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuffer[8192];
data/zoneminder-1.34.21/src/zm_utils.cpp:141:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char base64_table[64] = { '\0' };
data/zoneminder-1.34.21/src/zm_utils.cpp:365:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest,src,bytes);
data/zoneminder-1.34.21/src/zm_utils.cpp:383:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmbuf[20], buf[28];
data/zoneminder-1.34.21/src/zm_utils.cpp:412:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(pathname,
data/zoneminder-1.34.21/src/zm_video.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[48];
data/zoneminder-1.34.21/src/zm_video.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvalue[48];
data/zoneminder-1.34.21/src/zm_videostore.cpp:402:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool VideoStore::open() {
data/zoneminder-1.34.21/src/zm_videostore.h:88:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open();
data/zoneminder-1.34.21/src/zm_zone.cpp:133:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_zone.cpp:788:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int x = atoi(xp);
data/zoneminder-1.34.21/src/zm_zone.cpp:789:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int y = atoi(yp);
data/zoneminder-1.34.21/src/zm_zone.cpp:866:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_MED_BUFSIZ];
data/zoneminder-1.34.21/src/zm_zone.cpp:890:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int Id = atoi(dbrow[col++]);
data/zoneminder-1.34.21/src/zm_zone.cpp:892:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int Type = atoi(dbrow[col++]);
data/zoneminder-1.34.21/src/zm_zone.cpp:895:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int AlarmRGB = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:896:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int CheckMethod = atoi(dbrow[col++]);
data/zoneminder-1.34.21/src/zm_zone.cpp:897:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MinPixelThreshold = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:898:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MaxPixelThreshold = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:899:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MinAlarmPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:900:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MaxAlarmPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:901:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int FilterX = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:902:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int FilterY = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:903:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MinFilterPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:904:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MaxFilterPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:905:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MinBlobPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:906:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MaxBlobPixels = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:907:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MinBlobs = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:908:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int MaxBlobs = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:909:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int OverloadFrames = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:910:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ExtendAlarmFrames = dbrow[col]?atoi(dbrow[col]):0; col++;
data/zoneminder-1.34.21/src/zm_zone.cpp:940:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( atoi(dbrow[2]) == Zone::INACTIVE ) {
data/zoneminder-1.34.21/src/zm_zone.cpp:942:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
} else if ( atoi(dbrow[2]) == Zone::PRIVACY ) {
data/zoneminder-1.34.21/src/zm_zone.cpp:954:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Id : %d\n", id );
data/zoneminder-1.34.21/src/zm_zone.cpp:964:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Shape : %d points\n", polygon.getNumCoords() );
data/zoneminder-1.34.21/src/zm_zone.cpp:966:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " %i: %d,%d\n", i, polygon.getCoord( i ).X(), polygon.getCoord( i ).Y() );
data/zoneminder-1.34.21/src/zm_zone.cpp:968:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Alarm RGB : %06x\n", alarm_rgb );
data/zoneminder-1.34.21/src/zm_zone.cpp:974:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Min Pixel Threshold : %d\n", min_pixel_threshold );
data/zoneminder-1.34.21/src/zm_zone.cpp:975:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Max Pixel Threshold : %d\n", max_pixel_threshold );
data/zoneminder-1.34.21/src/zm_zone.cpp:976:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Min Alarm Pixels : %d\n", min_alarm_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:977:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Max Alarm Pixels : %d\n", max_alarm_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:978:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Filter Box : %d,%d\n", filter_box.X(), filter_box.Y() );
data/zoneminder-1.34.21/src/zm_zone.cpp:979:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Min Filter Pixels : %d\n", min_filter_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:980:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Max Filter Pixels : %d\n", max_filter_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:981:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Min Blob Pixels : %d\n", min_blob_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:982:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Max Blob Pixels : %d\n", max_blob_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:983:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Min Blobs : %d\n", min_blobs );
data/zoneminder-1.34.21/src/zm_zone.cpp:984:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output+strlen(output), " Max Blobs : %d\n", max_blobs );
data/zoneminder-1.34.21/src/zm_zone.h:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_path[PATH_MAX];
data/zoneminder-1.34.21/src/zma.cpp:94:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(optarg);
data/zoneminder-1.34.21/src/zma.cpp:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_id_string[16];
data/zoneminder-1.34.21/src/zmc.cpp:141:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
monitor_id = atoi(optarg);
data/zoneminder-1.34.21/src/zmc.cpp:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_id_string[32] = "";
data/zoneminder-1.34.21/src/zmc.cpp:241:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zmc.cpp:365:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[ZM_SQL_SML_BUFSIZ];
data/zoneminder-1.34.21/src/zms.cpp:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[32] = "";
data/zoneminder-1.34.21/src/zms.cpp:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth[64] = "";
data/zoneminder-1.34.21/src/zms.cpp:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_id_string[32] = "zms";
data/zoneminder-1.34.21/src/zms.cpp:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_query[1024];
data/zoneminder-1.34.21/src/zms.cpp:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parms[16]; // Shouldn't be more than this
data/zoneminder-1.34.21/src/zms.cpp:124:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
monitor_id = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:128:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
event_time = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:136:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scale = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:138:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rate = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:142:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitrate = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:144:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttl = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:158:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connkey = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:160:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
playback_buffer = atoi(value);
data/zoneminder-1.34.21/src/zms.cpp:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_string[64];
data/zoneminder-1.34.21/src/zmu.cpp:289:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mon_id = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:300:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
image_idx = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:303:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scale = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:308:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
image_idx = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:357:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
brightness = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:362:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contrast = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:367:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hue = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:372:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
colour = atoi(optarg);
data/zoneminder-1.34.21/src/zmu.cpp:388:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v4lVersion = (atoi(optarg)==1)?1:2;
data/zoneminder-1.34.21/src/zmu.cpp:509:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_str[64] = "None";
data/zoneminder-1.34.21/src/zmu.cpp:632:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monString[16382] = "";
data/zoneminder-1.34.21/src/zmu.cpp:708:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vidString[0x10000] = "";
data/zoneminder-1.34.21/src/zmu.cpp:739:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mon_id = atoi(dbrow[0]);
data/zoneminder-1.34.21/src/zmu.cpp:740:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int function = atoi(dbrow[1]);
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:493:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t decimal_point_len = strlen(decimal_point);
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:654:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int getc() {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:684:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getc();
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:693:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (getc() != expected) {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:701:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (getc() != *pi) {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:713:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((hex = in.getc()) == -1) {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:742:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (in.getc() != '\\' || in.getc() != 'u') {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:742:33: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (in.getc() != '\\' || in.getc() != 'u') {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:774:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = in.getc();
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:781:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = in.getc()) == -1) {
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:852:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = in.getc();
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:871:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = in.getc();
data/zoneminder-1.34.21/src/jwt-cpp/include/jwt-cpp/picojson.h:1079:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = in.getc();
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:64:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
partial = read(fd, out + total, count - total);
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:93:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len1 = strlen(str1);
data/zoneminder-1.34.21/src/libbcrypt/src/bcrypt.c:94:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len2 = strlen(str2);
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:400:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (setting && strlen(hash) < 30) /* not for benchmark */
data/zoneminder-1.34.21/src/libbcrypt/src/wrapper.c:439:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ok = !setting || strlen(hash) >= 30;
data/zoneminder-1.34.21/src/zm_buffer.cpp:75:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int bytes_read = read( sd, mTail, bytes );
data/zoneminder-1.34.21/src/zm_comms.cpp:248:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( mAddrUn.sun_path, path, sizeof(mAddrUn.sun_path) );
data/zoneminder-1.34.21/src/zm_comms.cpp:558:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "n/a", sizeof(buf)-1);
data/zoneminder-1.34.21/src/zm_comms.cpp:633:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "n/a", sizeof(buf)-1);
data/zoneminder-1.34.21/src/zm_comms.h:74:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read( void *msg, int len ) {
data/zoneminder-1.34.21/src/zm_comms.h:75:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t nBytes = ::read( mRd, msg, len );
data/zoneminder-1.34.21/src/zm_config.cpp:134:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *temp_ptr = line_ptr+strlen(line_ptr)-1;
data/zoneminder-1.34.21/src/zm_config.cpp:214:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(p_name)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:216:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = new char[strlen(p_value)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:218:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type = new char[strlen(p_type)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:228:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(item.name)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:230:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = new char[strlen(item.value)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:232:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type = new char[strlen(item.type)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:241:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(item.name)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:244:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = new char[strlen(item.value)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:247:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type = new char[strlen(item.type)+1];
data/zoneminder-1.34.21/src/zm_config.cpp:347:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(sql, "SELECT `Name`, `Value`, `Type` FROM `Config` ORDER BY `Id`", sizeof(sql) );
data/zoneminder-1.34.21/src/zm_crypt.cpp:134:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(db_password_hash) < 4 ) {
data/zoneminder-1.34.21/src/zm_crypt.cpp:155:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1_Update(&ctx1, input_password, strlen(input_password));
data/zoneminder-1.34.21/src/zm_crypt.cpp:164:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gnutls_hash_fast(GNUTLS_DIG_SHA1, input_password, strlen(input_password), digest_interim);
data/zoneminder-1.34.21/src/zm_curl_camera.cpp:54:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
content_length_match_len = strlen(content_length_match);
data/zoneminder-1.34.21/src/zm_curl_camera.cpp:55:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
content_type_match_len = strlen(content_type_match);
data/zoneminder-1.34.21/src/zm_curl_camera.cpp:360:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncasecmp(content_type.c_str(),multipart_match,strlen(multipart_match)) == 0) {
data/zoneminder-1.34.21/src/zm_curl_camera.cpp:363:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(strncasecmp(content_type.c_str(),image_jpeg_match,strlen(image_jpeg_match)) == 0) {
data/zoneminder-1.34.21/src/zm_event.cpp:155:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(date_path, path, sizeof(date_path));
data/zoneminder-1.34.21/src/zm_event.cpp:429:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( mysql_stmt_prepare(stmt, sql, strlen(sql)) ) {
data/zoneminder-1.34.21/src/zm_event.cpp:459:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(notesStr, notes.c_str(), sizeof(notesStr));
data/zoneminder-1.34.21/src/zm_event.cpp:487:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(sql, "INSERT INTO `Frames` (`EventId`, `FrameId`, `TimeStamp`, `Delta`) VALUES ", sizeof(sql));
data/zoneminder-1.34.21/src/zm_event.cpp:527:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sql_len = strlen(sql);
data/zoneminder-1.34.21/src/zm_event.cpp:536:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(sql+strlen(sql)-2) = '\0';
data/zoneminder-1.34.21/src/zm_eventstream.cpp:154:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(event_data->video_file, dbrow[5], sizeof(event_data->video_file)-1);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:940:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(STREAM_PAUSE_WAIT);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:1019:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delta_us);
data/zoneminder-1.34.21/src/zm_eventstream.cpp:1037:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delta_us);
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:67:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(logString);
data/zoneminder-1.34.21/src/zm_ffmpeg.cpp:274:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (filename) strncpy(s->filename, filename, sizeof(s->filename)-1);
data/zoneminder-1.34.21/src/zm_fifo.cpp:94:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(dbg_ptr++, "\n", 2);
data/zoneminder-1.34.21/src/zm_fifo.cpp:111:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (bytes_read = read(fd, buffer, RAW_BUFFER)) ) {
data/zoneminder-1.34.21/src/zm_fifo.cpp:169:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(bytes_read = read(fd, buffer+total_read, ZM_MAX_IMAGE_SIZE-total_read))
data/zoneminder-1.34.21/src/zm_file_camera.cpp:59:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( path, p_path, sizeof(path)-1 );
data/zoneminder-1.34.21/src/zm_file_camera.cpp:92:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_group.cpp:40:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, dbrow[index++], sizeof(name)-1);
data/zoneminder-1.34.21/src/zm_group.cpp:58:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, dbrow[index++], sizeof(name)-1);
data/zoneminder-1.34.21/src/zm_image.cpp:261:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text, p_image.text, sizeof(text));
data/zoneminder-1.34.21/src/zm_image.cpp:1121:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jpeg_write_marker(cinfo, JPEG_COM, (const JOCTET *)text, strlen(text));
data/zoneminder-1.34.21/src/zm_image.cpp:1856:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int text_len = strlen( text );
data/zoneminder-1.34.21/src/zm_image.cpp:1921:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text, p_text, sizeof(text)-1);
data/zoneminder-1.34.21/src/zm_image.cpp:1925:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int text_len = strlen(text);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1284:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(queryDevice, device, sizeof(queryDevice)-1);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1292:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Error, failed to open video device %s: %s\n",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1295:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "error%d\n", errno);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1302:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Video Device: %s\n", queryDevice);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1304:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "d:%s|", queryDevice);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1320:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "General Capabilities\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1321:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Driver: %s\n", vid_cap.driver);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1322:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Card: %s\n", vid_cap.card);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1323:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Bus: %s\n", vid_cap.bus_info);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1324:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Version: %u.%u.%u\n",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1326:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Type: 0x%x\n%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1348:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "D:%s|", vid_cap.driver);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1349:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "C:%s|", vid_cap.card);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1350:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "B:%s|", vid_cap.bus_info);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1351:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "V:%u.%u.%u|", (vid_cap.version>>16)&0xff, (vid_cap.version>>8)&0xff, vid_cap.version&0xff);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1352:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "T:0x%x|", vid_cap.capabilities);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1356:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Standards:\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1358:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "S:");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1380:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " %s\n", standard.name);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1382:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "%s/", standard.name);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1385:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !verbose && output[strlen(output)-1] == '/')
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1386:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(output)-1] = '|';
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1389:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Formats:\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1391:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "F:");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1414:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output+strlen(output),
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1423:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output+strlen(output),
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1431:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(output)-1] = '|';
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1433:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Crop Capabilities\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1445:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Cropping is not supported\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1448:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "B:%dx%d|",0,0);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1462:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Cropping is not supported\n");
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1465:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "B:%dx%d|",0,0);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1470:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Bounds: %d x %d\n", cropcap.bounds.width, cropcap.bounds.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1471:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Default: %d x %d\n", cropcap.defrect.width, cropcap.defrect.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1472:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), " Current: %d x %d\n", crop.c.width, crop.c.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1474:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "B:%dx%d|", cropcap.bounds.width, cropcap.bounds.height);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1499:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Inputs: %d\n", inputIndex);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1501:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "I:%d|", inputIndex);
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1531:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Input %d\n", input.index );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1532:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Name: %s\n", input.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1533:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Type: %s\n", input.type==V4L2_INPUT_TYPE_TUNER?"Tuner":(input.type==V4L2_INPUT_TYPE_CAMERA?"Camera":"Unknown") );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1534:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Audioset: %08x\n", input.audioset );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1535:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Standards: 0x%llx\n", input.std );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1537:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%d:%s|", input.index, input.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1538:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dT:%s|", input.index, input.type==V4L2_INPUT_TYPE_TUNER?"Tuner":(input.type==V4L2_INPUT_TYPE_CAMERA?"Camera":"Unknown") );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1539:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dS:%llx|", input.index, input.std );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1543:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_POWER, "Power ", "off", "on", " (X)" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1544:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_SIGNAL, "Signal ", "not detected", "detected", " (X)" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1545:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_COLOR, "Colour Signal ", "not detected", "detected", "" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1546:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " %s", capString( input.status&V4L2_IN_ST_NO_H_LOCK, "Horizontal Lock ", "not detected", "detected", "" ) );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1548:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dSP:%d|", input.index, (input.status&V4L2_IN_ST_NO_POWER)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1549:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dSS:%d|", input.index, (input.status&V4L2_IN_ST_NO_SIGNAL)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1550:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dSC:%d|", input.index, (input.status&V4L2_IN_ST_NO_COLOR)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1551:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "i%dHP:%d|", input.index, (input.status&V4L2_IN_ST_NO_H_LOCK)?0:1 );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1555:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(output)-1] = '\n';
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1571:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Video Capabilities\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1572:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Name: %s\n", vid_cap.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1573:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Type: %d\n%s%s%s%s%s%s%s%s%s%s%s%s%s%s", vid_cap.type,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1589:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Video Channels: %d\n", vid_cap.channels );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1590:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Audio Channels: %d\n", vid_cap.audios );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1591:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Maximum Width: %d\n", vid_cap.maxwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1592:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Maximum Height: %d\n", vid_cap.maxheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1593:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Minimum Width: %d\n", vid_cap.minwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1594:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Minimum Height: %d\n", vid_cap.minheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1598:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "N:%s|", vid_cap.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1599:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "T:%d|", vid_cap.type );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1600:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "nC:%d|", vid_cap.channels );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1601:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "nA:%d|", vid_cap.audios );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1602:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "mxW:%d|", vid_cap.maxwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1603:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "mxH:%d|", vid_cap.maxheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1604:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "mnW:%d|", vid_cap.minwidth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1605:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "mnH:%d|", vid_cap.minheight );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1619:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Window Attributes\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1620:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " X Offset: %d\n", vid_win.x );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1621:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Y Offset: %d\n", vid_win.y );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1622:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Width: %d\n", vid_win.width );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1623:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Height: %d\n", vid_win.height );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1625:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "X:%d|", vid_win.x );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1626:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Y:%d|", vid_win.y );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1627:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "W:%d|", vid_win.width );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1628:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "H:%d|", vid_win.height );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1642:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Picture Attributes\n" );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1643:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Palette: %d - %s\n", vid_pic.palette,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1663:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Colour Depth: %d\n", vid_pic.depth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1664:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Brightness: %d\n", vid_pic.brightness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1665:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Hue: %d\n", vid_pic.hue );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1666:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Colour :%d\n", vid_pic.colour );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1667:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Contrast: %d\n", vid_pic.contrast );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1668:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Whiteness: %d\n", vid_pic.whiteness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1670:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "P:%d|", vid_pic.palette );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1671:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "D:%d|", vid_pic.depth );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1672:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "B:%d|", vid_pic.brightness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1673:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "h:%d|", vid_pic.hue );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1674:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Cl:%d|", vid_pic.colour );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1675:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Cn:%d|", vid_pic.contrast );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1676:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "w:%d|", vid_pic.whiteness );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1692:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Channel %d Attributes\n", chan );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1693:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Name: %s\n", vid_src.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1694:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Channel: %d\n", vid_src.channel );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1695:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Flags: %d\n%s%s", vid_src.flags,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1699:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Type: %d - %s\n", vid_src.type,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1703:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Format: %d - %s\n", vid_src.norm,
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1710:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "n%d:%s|", chan, vid_src.name );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1711:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "C%d:%d|", chan, vid_src.channel );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1712:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Fl%d:%x|", chan, vid_src.flags );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1713:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "T%d:%d|", chan, vid_src.type );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1714:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "F%d:%d%s|", chan, vid_src.norm, chan==(vid_cap.channels-1)?"":"," );
data/zoneminder-1.34.21/src/zm_local_camera.cpp:1718:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output[strlen(output)-1] = '\n';
data/zoneminder-1.34.21/src/zm_logger.cpp:532:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(logPtr, "]\n", sizeof(logString)-(logPtr-logString));
data/zoneminder-1.34.21/src/zm_logger.cpp:560:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char escapedString[(strlen(syslogStart)*2)+1];
data/zoneminder-1.34.21/src/zm_logger.cpp:563:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mysql_real_escape_string(&dbconn, escapedString, syslogStart, strlen(syslogStart));
data/zoneminder-1.34.21/src/zm_mem_utils.h:66:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t acc_len = strlen(accept);
data/zoneminder-1.34.21/src/zm_mem_utils.h:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n_len = strlen(n);
data/zoneminder-1.34.21/src/zm_mem_utils.h:108:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t acc_len = strlen(accept);
data/zoneminder-1.34.21/src/zm_mem_utils.h:133:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rej_len = strlen( reject );
data/zoneminder-1.34.21/src/zm_monitor.cpp:111:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, p_name, sizeof(name)-1 );
data/zoneminder-1.34.21/src/zm_monitor.cpp:378:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, p_name, sizeof(name)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:380:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(event_prefix, p_event_prefix, sizeof(event_prefix)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:381:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(label_format, p_label_format, sizeof(label_format)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:960:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(trigger_data->trigger_cause, force_cause, sizeof(trigger_data->trigger_cause)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:961:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(trigger_data->trigger_text, force_text, sizeof(trigger_data->trigger_text)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1016:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1027:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1047:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1058:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1078:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1089:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1109:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1120:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1563:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(shared_data->alarm_cause, alarm_cause.c_str(), sizeof(shared_data->alarm_cause)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1824:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(event_prefix, dbrow[index++], sizeof(event_prefix)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:1830:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(label_format, dbrow[index++], sizeof(label_format)-1);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2789:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Id : %d\n", id );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2790:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Name : %s\n", name );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2791:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Type : %s\n", camera->IsLocal()?"Local":(camera->IsRemote()?"Remote":"File") );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2794:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Device : %s\n", ((LocalCamera *)camera)->Device().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2795:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Channel : %d\n", ((LocalCamera *)camera)->Channel() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2796:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Standard : %d\n", ((LocalCamera *)camera)->Standard() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2800:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Protocol : %s\n", ((RemoteCamera *)camera)->Protocol().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2801:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Host : %s\n", ((RemoteCamera *)camera)->Host().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2802:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Port : %s\n", ((RemoteCamera *)camera)->Port().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2803:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Path : %s\n", ((RemoteCamera *)camera)->Path().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2805:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Path : %s\n", ((FileCamera *)camera)->Path() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2809:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Path : %s\n", ((FfmpegCamera *)camera)->Path().c_str() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2812:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Width : %d\n", camera->Width() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2813:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Height : %d\n", camera->Height() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2816:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), "Palette : %d\n", ((LocalCamera *)camera)->Palette() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2819:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Colours : %d\n", camera->Colours() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2820:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Subpixel Order : %d\n", camera->SubpixelOrder() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2821:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Event Prefix : %s\n", event_prefix );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2822:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Label Format : %s\n", label_format );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2823:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Label Coord : %d,%d\n", label_coord.X(), label_coord.Y() );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2824:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Label Size : %d\n", label_size );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2825:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Image Buffer Count : %d\n", image_buffer_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2826:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Warmup Count : %d\n", warmup_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2827:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Pre Event Count : %d\n", pre_event_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2828:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Post Event Count : %d\n", post_event_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2829:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Stream Replay Buffer : %d\n", stream_replay_buffer );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2830:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Alarm Frame Count : %d\n", alarm_frame_count );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2831:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Section Length : %d\n", section_length);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2832:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Min Section Length : %d\n", min_section_length);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2833:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Maximum FPS : %.2f\n", capture_delay?(double)DT_PREC_3/capture_delay:0.0);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2834:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Alarm Maximum FPS : %.2f\n", alarm_capture_delay?(double)DT_PREC_3/alarm_capture_delay:0.0);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2835:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Reference Blend %%ge : %d\n", ref_blend_perc);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2836:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Alarm Reference Blend %%ge : %d\n", alarm_ref_blend_perc);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2837:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Track Motion : %d\n", track_motion);
data/zoneminder-1.34.21/src/zm_monitor.cpp:2838:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Function: %d - %s\n", function,
data/zoneminder-1.34.21/src/zm_monitor.cpp:2846:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(output+strlen(output), "Zones : %d\n", n_zones );
data/zoneminder-1.34.21/src/zm_monitor.cpp:2848:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zones[i]->DumpSettings(output+strlen(output), verbose);
data/zoneminder-1.34.21/src/zm_monitorstream.cpp:770:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(sleep_time);
data/zoneminder-1.34.21/src/zm_mpeg.cpp:462:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(format);
data/zoneminder-1.34.21/src/zm_mpeg.cpp:740:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( (target_ns - current_time_ns) * 0.001 );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:597:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
http_match_len = strlen( http_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:599:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
connection_match_len = strlen( connection_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:601:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
content_length_match_len = strlen( content_length_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:603:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
content_type_match_len = strlen( content_type_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:605:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
boundary_match_len = strlen( boundary_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:607:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authenticate_match_len = strlen( authenticate_match );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:735:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( http_version, start_ptr, end_ptr-start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:742:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( status_code, start_ptr, end_ptr-start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:800:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( content_type, start_ptr, end_ptr-start_ptr );
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:909:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(
data/zoneminder-1.34.21/src/zm_remote_camera_http.cpp:917:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(
data/zoneminder-1.34.21/src/zm_remote_camera_rtsp.cpp:155:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_rtsp.cpp:97:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( sql, "select Id from Monitors where Function != 'None' and Type = 'Remote' and Protocol = 'rtsp' and Method = 'rtpUni' order by Id asc", sizeof(sql) );
data/zoneminder-1.34.21/src/zm_rtsp.cpp:414:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (std::equal(trackUrl.begin(), trackUrl.end(), controlUrl.begin())) {
data/zoneminder-1.34.21/src/zm_rtsp.cpp:609:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 100000 );
data/zoneminder-1.34.21/src/zm_rtsp.cpp:769:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:63:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digest_match_len = strlen(digest_match);
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:66:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncasecmp(headerData.c_str(),basic_match,strlen(basic_match)) == 0 ) {
data/zoneminder-1.34.21/src/zm_rtsp_auth.cpp:202:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t authenticate_match_len = strlen(authenticate_match);
data/zoneminder-1.34.21/src/zm_sdp.cpp:333:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(formatContext->filename, mUrl.c_str(), sizeof(formatContext->filename));
data/zoneminder-1.34.21/src/zm_sdp.cpp:391:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(codec_context->codec_name, smStaticPayloads[i].payloadName, sizeof(codec_context->codec_name));
data/zoneminder-1.34.21/src/zm_sdp.cpp:407:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(codec_context->codec_name, smDynamicPayloads[i].payloadName, sizeof(codec_context->codec_name));
data/zoneminder-1.34.21/src/zm_signal.cpp:98:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cmd_ptr = cmd + strlen(cmd);
data/zoneminder-1.34.21/src/zm_storage.cpp:37:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path)-1 );
data/zoneminder-1.34.21/src/zm_storage.cpp:46:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, dbrow[index++], sizeof(name)-1 );
data/zoneminder-1.34.21/src/zm_storage.cpp:47:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( path, dbrow[index++], sizeof(path)-1 );
data/zoneminder-1.34.21/src/zm_storage.cpp:73:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, dbrow[index++], sizeof(name)-1);
data/zoneminder-1.34.21/src/zm_storage.cpp:74:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, dbrow[index++], sizeof(path)-1);
data/zoneminder-1.34.21/src/zm_storage.cpp:92:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, staticConfig.DIR_EVENTS.c_str(), sizeof(path)-1);
data/zoneminder-1.34.21/src/zm_stream.cpp:343:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loc_addr.sun_path, loc_sock_path, sizeof(loc_addr.sun_path));
data/zoneminder-1.34.21/src/zm_stream.cpp:346:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ::bind(sd, (struct sockaddr *)&loc_addr, strlen(loc_addr.sun_path)+sizeof(loc_addr.sun_family)+1) < 0 ) {
data/zoneminder-1.34.21/src/zm_stream.cpp:351:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rem_addr.sun_path, rem_sock_path, sizeof(rem_addr.sun_path));
data/zoneminder-1.34.21/src/zm_user.cpp:54:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(username, dbrow[index++], sizeof(username)-1);
data/zoneminder-1.34.21/src/zm_user.cpp:55:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(password, dbrow[index++], sizeof(password)-1);
data/zoneminder-1.34.21/src/zm_user.cpp:77:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(username, u.username, sizeof(username));
data/zoneminder-1.34.21/src/zm_user.cpp:78:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(password, u.password, sizeof(password));
data/zoneminder-1.34.21/src/zm_user.cpp:105:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int username_length = strlen(username);
data/zoneminder-1.34.21/src/zm_user.cpp:293:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5((unsigned char *)auth_key, strlen(auth_key), md5sum);
data/zoneminder-1.34.21/src/zm_user.cpp:295:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gnutls_datum_t md5data = { (unsigned char *)auth_key, (unsigned int)strlen(auth_key) };
data/zoneminder-1.34.21/src/zm_user.cpp:333:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(username) > 32 )
data/zoneminder-1.34.21/src/zm_user.cpp:343:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(password) > 64 )
data/zoneminder-1.34.21/src/zm_zone.cpp:55:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label = new char[strlen(p_label)+1];
data/zoneminder-1.34.21/src/zm_zone.cpp:761:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str_ptr = new char[strlen(poly_string)+1];
data/zoneminder-1.34.21/src/zm_zone.cpp:767:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int max_n_coords = strlen(str)/4;
data/zoneminder-1.34.21/src/zm_zone.cpp:824:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str_ptr = new char[strlen(zone_string)+1];
data/zoneminder-1.34.21/src/zm_zone.cpp:954:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Id : %d\n", id );
data/zoneminder-1.34.21/src/zm_zone.cpp:955:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Label : %s\n", label );
data/zoneminder-1.34.21/src/zm_zone.cpp:956:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Type: %d - %s\n", type,
data/zoneminder-1.34.21/src/zm_zone.cpp:964:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Shape : %d points\n", polygon.getNumCoords() );
data/zoneminder-1.34.21/src/zm_zone.cpp:966:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " %i: %d,%d\n", i, polygon.getCoord( i ).X(), polygon.getCoord( i ).Y() );
data/zoneminder-1.34.21/src/zm_zone.cpp:968:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Alarm RGB : %06x\n", alarm_rgb );
data/zoneminder-1.34.21/src/zm_zone.cpp:969:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Check Method: %d - %s\n", check_method,
data/zoneminder-1.34.21/src/zm_zone.cpp:974:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Min Pixel Threshold : %d\n", min_pixel_threshold );
data/zoneminder-1.34.21/src/zm_zone.cpp:975:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Max Pixel Threshold : %d\n", max_pixel_threshold );
data/zoneminder-1.34.21/src/zm_zone.cpp:976:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Min Alarm Pixels : %d\n", min_alarm_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:977:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Max Alarm Pixels : %d\n", max_alarm_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:978:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Filter Box : %d,%d\n", filter_box.X(), filter_box.Y() );
data/zoneminder-1.34.21/src/zm_zone.cpp:979:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Min Filter Pixels : %d\n", min_filter_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:980:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Max Filter Pixels : %d\n", max_filter_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:981:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Min Blob Pixels : %d\n", min_blob_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:982:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Max Blob Pixels : %d\n", max_blob_pixels );
data/zoneminder-1.34.21/src/zm_zone.cpp:983:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Min Blobs : %d\n", min_blobs );
data/zoneminder-1.34.21/src/zm_zone.cpp:984:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( output+strlen(output), " Max Blobs : %d\n", max_blobs );
data/zoneminder-1.34.21/src/zma.cpp:166:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(monitor->Active()?ZM_SAMPLE_RATE:ZM_SUSPENDED_RATE);
data/zoneminder-1.34.21/src/zma.cpp:168:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(analysis_rate);
data/zoneminder-1.34.21/src/zmc.cpp:336:15: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(sleep_time*(DT_MAXGRAN/DT_PREC_3));
data/zoneminder-1.34.21/src/zms.cpp:85:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( basename && !strncmp(basename, nph_prefix, strlen(nph_prefix)) ) {
data/zoneminder-1.34.21/src/zms.cpp:98:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_query, query, sizeof(temp_query)-1);
data/zoneminder-1.34.21/src/zms.cpp:122:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( format, value, sizeof(format) );
data/zoneminder-1.34.21/src/zms.cpp:162:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(auth, value, sizeof(auth)-1);
data/zoneminder-1.34.21/src/zmu.cpp:590:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
ANALYSIS SUMMARY:
Hits = 1011
Lines analyzed = 54432 in approximately 1.80 seconds (30257 lines/second)
Physical Source Lines of Code (SLOC) = 42921
Hits@level = [0] 244 [1] 309 [2] 557 [3] 19 [4] 126 [5] 0
Hits@level+ = [0+] 1255 [1+] 1011 [2+] 702 [3+] 145 [4+] 126 [5+] 0
Hits/KSLOC@level+ = [0+] 29.2398 [1+] 23.5549 [2+] 16.3556 [3+] 3.3783 [4+] 2.93563 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.