Few bugs found by cppcheck:
gps.c, buffer overrun:
char gpx_name[17];
...
sprintf(gpx_name, "A/GPS/Logging/%02d_%02d-%02d_%02d.gpx", ttm->tm_mon+1, ttm->tm_mday, ttm->tm_hour, ttm->tm_min);
Looking at this module there is plenty more sprintf calls that seems risky (i.e. taking result of lang_str() or other external function as a argument).
File handle leak at gps.c, gps_navigate_home():
sprintf(home_name, "A/GPS/Navigation/Home.txt");
FILE* fp = fopen(home_name, "r");
...
gui_space.c, gui_space_draw_mb(): these to sprintf calls seems to have redundant '%' in formatting string:
if (freemb < 10000) sprintf(osd_buf+offset, "%4d%M\0",freemb);
else sprintf(osd_buf+offset, "%4d%G\0",freemb/1024); // if 10 GiB or more free, print in GiB instead of MiB
suba.c, possible NULL dereferencing suba pointer:
if (suba)
{
.....
}
.....
*allocated_size = suba->size_total; // TODO check this is a reasonable value for this field
module_menu.c, these strings could be possibly not NULL-terminated:
if ( minfo.moduleName < 0 )
{ strncpy( modulename, lang_str(-minfo.moduleName), sizeof(modulename)); }
else if ( minfo.moduleName >= flat->entry )
{ strncpy( modulename, (content+minfo.moduleName), sizeof(modulename)); }
I'm not sure about this scheme (often used):
FILE* fp = fopen(...);
if( fp )
{
....
}
fclose(fp); <<< closing possibly invalid handle
I think all runtime error detection systems I know would report error when closing invalid handle and at least one runtime library I worked with would crash here.