rdkcentral · suppal045 · Nov 24, 2025 · Nov 24, 2025 · Nov 24, 2025 · Nov 24, 2025
@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -37,7 +37,11 @@
 {
     if (m_GstPlayer == nullptr)
     {
-        m_GstPlayer = new MiracastGstPlayer();
+        m_GstPlayer = new (std::nothrow) MiracastGstPlayer();
+        if (m_GstPlayer == nullptr) {
+            MIRACASTLOG_ERROR("Failed to allocate MiracastGstPlayer");
+            return nullptr;
+        }
     }
     return m_GstPlayer;
 }
@@ -114,7 +118,7 @@
     if (( nullptr != m_video_sink ) && ( 0 < m_video_rect_st.width ) && ( 0 < m_video_rect_st.height ))
     {
         char rectString[64];
-        sprintf(rectString,"%d,%d,%d,%d", m_video_rect_st.startX, m_video_rect_st.startY,
+        snprintf(rectString, sizeof(rectString), "%d,%d,%d,%d", m_video_rect_st.startX, m_video_rect_st.startY,
                 m_video_rect_st.width, m_video_rect_st.height);
         g_object_set(G_OBJECT(m_video_sink), "window-set", rectString, nullptr);
     }
@@ -723,7 +727,7 @@
     GstStateChangeReturn ret;
     GstBus *bus = nullptr;
     bool return_value = true;
-    m_customQueueHandle = new MessageQueue(500,gstBufferReleaseCallback);
+    m_customQueueHandle = new (std::nothrow) MessageQueue(500,gstBufferReleaseCallback);
 
     if (nullptr == m_customQueueHandle)
     {

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -359,7 +359,7 @@
     // Set the 1st to 3rd bits based on the value of skip_intervals
     video_frame_control_support |= ((0x07 & st_video_fmt.st_h264_codecs.max_skip_intervals) << 1); // 1:3 bits for intervals
 
-    sprintf( video_format_buffer , 
+    snprintf(video_format_buffer, sizeof(video_format_buffer),
                 "%02x %02x %02x %02x %08x %08x %08x %02x %04x %04x %02x ",
                 st_video_fmt.native,
                 st_video_fmt.preferred_display_mode_supported,
@@ -384,7 +384,7 @@
     }
     else{
         memset( video_format_buffer , 0x00 , sizeof(video_format_buffer));
-        sprintf( video_format_buffer , 
+        snprintf(video_format_buffer, sizeof(video_format_buffer),
                     "%04x %04x",
                     st_video_fmt.st_h264_codecs.max_hres,
                     st_video_fmt.st_h264_codecs.max_vres );
@@ -447,7 +447,7 @@
     }
     memcpy(&m_wfd_audio_formats_st , &st_audio_fmt , sizeof(RTSP_WFD_AUDIO_FMT_STRUCT));
 
-    sprintf( audio_format_buffer , 
+    snprintf(audio_format_buffer, sizeof(audio_format_buffer),
                 "%s %08x %02x",
                 audio_format_str.c_str(),
                 st_audio_fmt.modes,

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -549,6 +549,7 @@
 
         static std::string format_string(const char *fmt, const std::vector<const char *> &args)
         {
+            const size_t MAX_FORMAT_SIZE = 8192; // 8KB limit
             std::string result = fmt;
             size_t arg_index = 0;
             size_t arg_count = args.size();
@@ -557,6 +558,10 @@
                 size_t found = result.find("%s");
                 if (found != std::string::npos)
                 {
+                    // Check size limit before replacement
+                    if (result.length() + strlen(args[arg_index]) > MAX_FORMAT_SIZE) {
+                        break; // Prevent excessive size
+                    }
                     result.replace(found, 2, args[arg_index]);
                 }
                 ++arg_index;

@@ -36,7 +36,11 @@ MiracastGstPlayer *MiracastGstPlayer::getInstance()
 {
 	if (m_GstPlayer == nullptr)
 	{
-		m_GstPlayer = new MiracastGstPlayer();
+		m_GstPlayer = new (std::nothrow) MiracastGstPlayer();
+		if (nullptr == m_GstPlayer)
+		{
+			MIRACASTLOG_ERROR("Failed to allocate MiracastGstPlayer singleton");
+		}
 	}
 	return m_GstPlayer;
 }

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -28,7 +28,7 @@
     MIRACASTLOG_TRACE("Entering...");
     if (nullptr == m_miracast_ctrl_obj)
     {
-        m_miracast_ctrl_obj = new MiracastController();
+        m_miracast_ctrl_obj = new (std::nothrow) MiracastController();
         if (nullptr != m_miracast_ctrl_obj)
         {
             m_miracast_ctrl_obj->m_notify_handler = notifier;
@@ -93,7 +93,7 @@
     MiracastError ret_code = MIRACAST_OK;
     MIRACASTLOG_TRACE("Entering...");
 
-    m_controller_thread = new MiracastThread(CONTROLLER_THREAD_NAME,
+    m_controller_thread = new (std::nothrow) MiracastThread(CONTROLLER_THREAD_NAME,
                                              CONTROLLER_THREAD_STACK,
                                              CONTROLLER_MSGQ_COUNT,
                                              CONTROLLER_MSGQ_SIZE,
@@ -255,7 +255,7 @@
     std::size_t len = 0;
     unsigned char retry_count = 5;
 
-    sprintf( sys_cls_file_ifidx , "/sys/class/net/%s/ifindex" , interface.c_str());
+    snprintf(sys_cls_file_ifidx, sizeof(sys_cls_file_ifidx), "/sys/class/net/%s/ifindex", interface.c_str());
 
     std::ifstream ifIndexFile(sys_cls_file_ifidx);
 
@@ -264,9 +264,7 @@
         return std::string("");
     }
 
-    sprintf(command, "/sbin/udhcpc -v -i ");
-    sprintf(command + strlen(command), "%s" , interface.c_str());
-    sprintf(command + strlen(command), " -s /etc/wifi_p2p/udhcpc.script 2>&1");
+    snprintf(command, sizeof(command), "/sbin/udhcpc -v -i %s -s /etc/wifi_p2p/udhcpc.script 2>&1", interface.c_str());
-    snprintf(command, sizeof(command), "/sbin/udhcpc -v -i %s -s /etc/wifi_p2p/udhcpc.script 2>&1", interface.c_str());
+    int written = snprintf(command, sizeof(command), "/sbin/udhcpc -v -i %s -s /etc/wifi_p2p/udhcpc.script 2>&1", interface.c_str());
+    if (written < 0 || written >= (int)sizeof(command)) {
+        MIRACASTLOG_ERROR("Failed to format command string");
+        return std::string("");
+    }
-    snprintf(command, sizeof(command), "/sbin/udhcpc -v -i %s -s /etc/wifi_p2p/udhcpc.script 2>&1", interface.c_str());
+    int written = snprintf(command, sizeof(command), "/sbin/udhcpc -v -i %s -s /etc/wifi_p2p/udhcpc.script 2>&1", interface.c_str());
+    if (written < 0 || written >= (int)sizeof(command)) {
+        MIRACASTLOG_ERROR("Failed to format command string");
+        return std::string("");
+    }
     MIRACASTLOG_VERBOSE("command : [%s]", command);
 
     while ( retry_count-- )
@@ -280,20 +278,27 @@
         {
             MIRACASTLOG_VERBOSE("udhcpc output as below:\n");
             memset( data , 0x00 , sizeof(data));
+            size_t data_len = 0;
             while (getline(&current_line_buffer, &len, popen_file_ptr) != -1)
             {
-                sprintf(data + strlen(data), "%s" ,  current_line_buffer);
+                size_t remaining = sizeof(data) - data_len - 1;
+                if (remaining > 0) {
+                    size_t to_copy = strnlen(current_line_buffer, remaining);
+                    memcpy(data + data_len, current_line_buffer, to_copy);
+                    data_len += to_copy;
+                    data[data_len] = '\0';
+                }
-                    data[data_len] = '\0';
-                }
+                    data[data_len] = '\0';
+                    if (remaining == to_copy) {
+                        // The current line was exactly truncated to fit the buffer, check if next line would overflow
+                        continue;
+                    }
+                } else {
+                    MIRACASTLOG_WARN("Buffer full while reading udhcpc output, truncating data.");
+                    break;
+                }
+                if (data_len >= sizeof(data) - 1) {
+                    MIRACASTLOG_WARN("Buffer full while reading udhcpc output, truncating data.");
+                    break;
+                }
-                    data[data_len] = '\0';
-                }
+                    data[data_len] = '\0';
+                    if (remaining == to_copy) {
+                        // The current line was exactly truncated to fit the buffer, check if next line would overflow
+                        continue;
+                    }
+                } else {
+                    MIRACASTLOG_WARN("Buffer full while reading udhcpc output, truncating data.");
+                    break;
+                }
+                if (data_len >= sizeof(data) - 1) {
+                    MIRACASTLOG_WARN("Buffer full while reading udhcpc output, truncating data.");
+                    break;
+                }
                 popen_buffer = data;
                 MIRACASTLOG_INFO("data : [%s][%s]", data,popen_buffer.c_str());
 
-                if ( local_addr.empty() && (std::regex_search(popen_buffer, match, localipRegex)))
+                if ( local_addr.empty() && (std::regex_search(popen_buffer, match, localipRegex)) && match.size() > 1)
                 {
                     local_addr = match[1];
                     MIRACASTLOG_INFO("local IP addr obtained is %s\n", local_addr.c_str());
                 }
 
                 /* Here retrieved the default gw ip address. Later it can be used as GO IP address if P2P-GROUP started as PERSISTENT */
-                if ( gw_ip_addr.empty() && (std::regex_search(popen_buffer, match, goipRegex1)))
+                if ( gw_ip_addr.empty() && (std::regex_search(popen_buffer, match, goipRegex1)) && match.size() > 1)
                 {
                     gw_ip_addr = match[1];
                     MIRACASTLOG_INFO("GO IP addr obtained is %s\n", gw_ip_addr.c_str());
@@ -648,7 +653,11 @@
     // Allocate memory and update the device cache info
     if ( nullptr == cur_device_info_ptr )
     {
-        cur_device_info_ptr = new DeviceInfo;
+        cur_device_info_ptr = new (std::nothrow) DeviceInfo;
+        if (nullptr == cur_device_info_ptr) {
+            MIRACASTLOG_ERROR("Failed to allocate DeviceInfo");
+            return;
+        }
         new_device_entry = true;
         force_overwrite = true;
         MIRACASTLOG_VERBOSE("#### Creating Device Cache ####");
@@ -825,20 +834,15 @@
 
                         if ( CONTROLLER_GO_DEVICE_LOST == controller_msgq_data.state )
                         {
-                            size_t found;
-                            int i = 0;
-
                             MIRACASTLOG_INFO("CONTROLLER_GO_DEVICE_LOST Received");
-                            for (auto devices : m_deviceInfoList)
+                            for (auto it = m_deviceInfoList.begin(); it != m_deviceInfoList.end(); ++it)
                             {
-                                found = devices->deviceMAC.find(deviceMAC);
-                                if (found != std::string::npos)
+                                if ((*it)->deviceMAC.find(deviceMAC) != std::string::npos)
                                 {
-                                    delete devices;
-                                    m_deviceInfoList.erase(m_deviceInfoList.begin() + i);
+                                    delete *it;
+                                    m_deviceInfoList.erase(it);
                                     break;
                                 }
-                                i++;
                             }
                         }
                         else
@@ -952,7 +956,11 @@
                                         authType = "pbc",
                                         deviceType = "unknown",
                                         result = "";
-                            m_groupInfo = new GroupInfo;
+                            m_groupInfo = new (std::nothrow) GroupInfo;
+                            if (nullptr == m_groupInfo) {
+                                MIRACASTLOG_ERROR("Failed to allocate GroupInfo");
+                                break;
+                            }
                             size_t found = event_buffer.find("client");
                             size_t found_space = event_buffer.find(" ");
 
@@ -1045,7 +1053,7 @@
                                 std::string peer_iface_mac = get_SourcePeerIface(mac_address);
                                 char command[128] = {0};
                                 std::string popen_buffer = "";
-                                sprintf( command, "awk '$4 == \"%s\" && $4 !~ /incomplete/ {print $1}' /proc/net/arp", peer_iface_mac.c_str());
+                                snprintf(command, sizeof(command), "awk '$4 == \"%s\" && $4 !~ /incomplete/ {print $1}' /proc/net/arp", peer_iface_mac.c_str());
 
                                 MiracastCommon::execute_PopenCommand( command , nullptr , 15 , popen_buffer , 1000000 );
                                 if (!popen_buffer.empty())

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -148,6 +148,8 @@
     std::string m_localIp;
     vector<DeviceInfo *> m_deviceInfoList;
     GroupInfo *m_groupInfo;
+    // Mutex to protect shared boolean flags from data races
+    mutable std::mutex m_stateMutex;
     bool m_connectionStatus;
     bool m_p2p_backend_discovery{false};
     bool m_start_discovering_enabled{false};

@@ -1,4 +1,4 @@
 /**
 * If not stated otherwise in this file or this component's LICENSE
 * file the following copyright and licenses apply:
 *
@@ -195,7 +195,7 @@
 
                 string query = "token=" + token;
                 Core::SystemInfo::SetEnvironment(_T("THUNDER_ACCESS"), (_T(SERVER_DETAILS)));
-                m_SystemPluginObj = new WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(SYSTEM_CALLSIGN_VER), (_T("MiracastService")), false, query);
+                m_SystemPluginObj = new (std::nothrow) WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(SYSTEM_CALLSIGN_VER), (_T("MiracastService")), false, query);
                 if (nullptr == m_SystemPluginObj)
                 {
                     MIRACASTLOG_ERROR("JSONRPC: %s: initialization failed", SYSTEM_CALLSIGN_VER);
@@ -205,7 +205,7 @@
                     MIRACASTLOG_INFO("JSONRPC: %s: initialization ok", SYSTEM_CALLSIGN_VER);
                 }
 
-                m_WiFiPluginObj = new WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(WIFI_CALLSIGN_VER), (_T("MiracastService")), false, query);
+                m_WiFiPluginObj = new (std::nothrow) WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(WIFI_CALLSIGN_VER), (_T("MiracastService")), false, query);
                 if (nullptr == m_WiFiPluginObj)
                 {
                     MIRACASTLOG_ERROR("JSONRPC: %s: initialization failed", WIFI_CALLSIGN_VER);

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -70,13 +70,17 @@
     MIRACASTLOG_TRACE("Entering..");
     if (nullptr == m_miracast_p2p_obj)
     {
-        m_miracast_p2p_obj = new MiracastP2P();
+        m_miracast_p2p_obj = new (std::nothrow) MiracastP2P();
         if (nullptr != m_miracast_p2p_obj){
             ret_code = m_miracast_p2p_obj->Init(p2p_ctrl_iface);
             if ( MIRACAST_OK != ret_code){
                 destroyInstance();
             }
         }
+        else {
+            MIRACASTLOG_ERROR("Failed to allocate MiracastP2P");
+            ret_code = MIRACAST_P2P_INIT_FAILED;
+        }
     }
     error_code = ret_code;
     MIRACASTLOG_TRACE("Exiting..");

@@ -1,5 +1,5 @@
 /*
 * If not stated otherwise in this file or this component's Licenses.txt file the
 * following copyright and licenses apply:
 *
 * Copyright 2023 RDK Management
@@ -250,9 +250,16 @@
         }
 
         memset( buffer , 0x00 , sizeof(buffer));
+        size_t buffer_len = 0;
         while (getline(&current_line_buffer, &len, popen_pipe_ptr) != -1)
         {
-            sprintf(buffer + strlen(buffer), "%s" ,  current_line_buffer);
+            size_t remaining = sizeof(buffer) - buffer_len - 1;
+            if (remaining > 0) {
+                size_t to_copy = strnlen(current_line_buffer, remaining);
+                memcpy(buffer + buffer_len, current_line_buffer, to_copy);
+                buffer_len += to_copy;
+                buffer[buffer_len] = '\0';
-                buffer[buffer_len] = '\0';
+                buffer[buffer_len] = '\0';
+                if (to_copy == remaining && current_line_buffer[remaining - 1] != '\0' && current_line_buffer[remaining - 1] != '\n') {
+                    MIRACASTLOG_WARN("Buffer full, popen output truncated.");
+                    break;
+                }
+            } else {
+                MIRACASTLOG_WARN("Buffer full, popen output truncated.");
+                break;
-                buffer[buffer_len] = '\0';
+                buffer[buffer_len] = '\0';
+                if (to_copy == remaining && current_line_buffer[remaining - 1] != '\0' && current_line_buffer[remaining - 1] != '\n') {
+                    MIRACASTLOG_WARN("Buffer full, popen output truncated.");
+                    break;
+                }
+            } else {
+                MIRACASTLOG_WARN("Buffer full, popen output truncated.");
+                break;
+            }
             MIRACASTLOG_INFO("#### popen Output[%s] ####", buffer);
         }
         pclose(popen_pipe_ptr);

@@ -33,7 +33,7 @@
 #include "WrapsMock.h"
 #include "WorkerPoolImplementation.h"
 #include "MiracastPlayerImplementation.h"
 #include <sys/time.h>
 #include <future>
 #include <thread>

@@ -120,7 +120,7 @@
         struct tm *tm_info;
         tm_info = localtime(&tv.tv_sec);
 
-        sprintf(time_str, ": %02d:%02d:%02d:%06ld", tm_info->tm_hour, tm_info->tm_min, tm_info->tm_sec, microseconds);
+        snprintf(time_str, sizeof(time_str), ": %02d:%02d:%02d:%06ld", tm_info->tm_hour, tm_info->tm_min, tm_info->tm_sec, microseconds);
     }
 
     void log( const char *func, const char *file, int line, int threadID,const char *format, ...)
@@ -413,7 +413,7 @@
                             TEST_LOG("RTSP_SEND RESPONSE Messages");
                             if (temp_buffer.find("%s") != std::string::npos)
                             {
-                                sprintf( buffer , rtsp_req_resp_format , receivedCSeqNum.c_str());
+                                snprintf( buffer, sizeof(buffer), rtsp_req_resp_format , receivedCSeqNum.c_str());
                                 msg_buffer = buffer;
                                 TEST_LOG("Response sequence number replaced as [%s]",receivedCSeqNum.c_str());
                                 receivedCSeqNum.clear();

@@ -109,7 +109,7 @@ namespace
         struct tm *tm_info;
         tm_info = localtime(&tv.tv_sec);
 
-        sprintf(time_str, ": %02d:%02d:%02d:%06ld", tm_info->tm_hour, tm_info->tm_min, tm_info->tm_sec, microseconds);
+        snprintf(time_str, sizeof(time_str), ": %02d:%02d:%02d:%06ld", tm_info->tm_hour, tm_info->tm_min, tm_info->tm_sec, microseconds);
     }
     void log( const char *func, const char *file, int line, int threadID,const char *format, ...)
     {

@@ -215,7 +215,7 @@ namespace WPEFramework
             if(nullptr == m_SystemPluginObj)
             {
                 Core::SystemInfo::SetEnvironment(_T("THUNDER_ACCESS"), (_T(SERVER_DETAILS)));
-                m_SystemPluginObj = new WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(SYSTEM_CALLSIGN_VER), (_T(SYSTEM_CALLSIGN_VER)), false);
+                m_SystemPluginObj = new (std::nothrow) WPEFramework::JSONRPC::LinkType<Core::JSON::IElement>(_T(SYSTEM_CALLSIGN_VER), (_T(SYSTEM_CALLSIGN_VER)), false);
                 if (nullptr == m_SystemPluginObj)
                 {
                     LOGERR("JSONRPC: [%s]: initialization failed", SYSTEM_CALLSIGN_VER);

@@ -96,9 +96,13 @@ namespace WPEFramework
                     Job() = delete;
                     Job(const Job&) = delete;
                     Job& operator=(const Job&) = delete;
-                    ~Job() {
+                    ~Job() noexcept {
                         if (_xcast != nullptr) {
-                            _xcast->Release();
+                            try {
+                                _xcast->Release();
+                            } catch (...) {
+                                // Swallow exceptions in destructor
+                            }
                         }
                     }
 

@@ -500,11 +500,22 @@ void XCastManager::registerApplications(std::vector<DynamicAppConfig*>& appConfi
 {
     LOGINFO("Entering ...");
 
-    RegisterAppEntryList *appReqList = new RegisterAppEntryList;
+    RegisterAppEntryList *appReqList = new (std::nothrow) RegisterAppEntryList;
+    if (nullptr == appReqList)
+    {
+        LOGERR("Failed to allocate RegisterAppEntryList");
+        return;
+    }
 
     for (DynamicAppConfig* pDynamicAppConfig : appConfigList)
     {
-        RegisterAppEntry* appReq = new RegisterAppEntry;
+        RegisterAppEntry* appReq = new (std::nothrow) RegisterAppEntry;
+        if (nullptr == appReq)
+        {
+            LOGERR("Failed to allocate RegisterAppEntry");
+            delete appReqList;
-            delete appReqList;
+            // Clean up previously allocated RegisterAppEntry objects
+            if (appReqList) {
+                while (!appReqList->empty()) {
+                    RegisterAppEntry* entry = appReqList->front();
+                    appReqList->popFront();
+                    delete entry;
+                }
+                delete appReqList;
+            }
-            delete appReqList;
+            // Clean up previously allocated RegisterAppEntry objects
+            if (appReqList) {
+                while (!appReqList->empty()) {
+                    RegisterAppEntry* entry = appReqList->front();
+                    appReqList->popFront();
+                    delete entry;
+                }
+                delete appReqList;
+            }
+            return;
+        }
 
         appReq->Names = pDynamicAppConfig->appName;
         appReq->prefixes = pDynamicAppConfig->prefixes;
@@ -551,7 +562,11 @@ XCastManager * XCastManager::getInstance()
     LOGINFO("Entering ...");
     if(XCastManager::_instance == nullptr)
     {
-        XCastManager::_instance = new XCastManager();
+        XCastManager::_instance = new (std::nothrow) XCastManager();
+        if (nullptr == XCastManager::_instance)
+        {
+            LOGERR("Failed to allocate XCastManager singleton");
+        }
     }
     LOGINFO("Exiting ...");
     return XCastManager::_instance;

@@ -56,6 +56,7 @@ class XCastManager : public GDialNotifier
      *   @param error - The error string if the requested application is not available or due to other errors
      *   @return indicates whether state is properly communicated to rtdial server.
      */
+    // Validate inputs: app and state must not be empty
     int applicationStateChanged( string app, string state, string id, string error);
     /**
      *This function will enable cast service by default.