Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chocolate-doom-3.0.1/codeblocks/config.h
Examining data/chocolate-doom-3.0.1/midiproc/buffer.c
Examining data/chocolate-doom-3.0.1/midiproc/buffer.h
Examining data/chocolate-doom-3.0.1/midiproc/main.c
Examining data/chocolate-doom-3.0.1/midiproc/proto.h
Examining data/chocolate-doom-3.0.1/msvc/config.h
Examining data/chocolate-doom-3.0.1/msvc/inttypes.h
Examining data/chocolate-doom-3.0.1/msvc/stdint.h
Examining data/chocolate-doom-3.0.1/msvc/win_opendir.c
Examining data/chocolate-doom-3.0.1/msvc/win_opendir.h
Examining data/chocolate-doom-3.0.1/opl/examples/droplay.c
Examining data/chocolate-doom-3.0.1/opl/ioperm_sys.c
Examining data/chocolate-doom-3.0.1/opl/ioperm_sys.h
Examining data/chocolate-doom-3.0.1/opl/opl.c
Examining data/chocolate-doom-3.0.1/opl/opl.h
Examining data/chocolate-doom-3.0.1/opl/opl3.c
Examining data/chocolate-doom-3.0.1/opl/opl3.h
Examining data/chocolate-doom-3.0.1/opl/opl_internal.h
Examining data/chocolate-doom-3.0.1/opl/opl_linux.c
Examining data/chocolate-doom-3.0.1/opl/opl_obsd.c
Examining data/chocolate-doom-3.0.1/opl/opl_queue.c
Examining data/chocolate-doom-3.0.1/opl/opl_queue.h
Examining data/chocolate-doom-3.0.1/opl/opl_sdl.c
Examining data/chocolate-doom-3.0.1/opl/opl_timer.c
Examining data/chocolate-doom-3.0.1/opl/opl_timer.h
Examining data/chocolate-doom-3.0.1/opl/opl_win32.c
Examining data/chocolate-doom-3.0.1/pcsound/pcsound.c
Examining data/chocolate-doom-3.0.1/pcsound/pcsound.h
Examining data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c
Examining data/chocolate-doom-3.0.1/pcsound/pcsound_internal.h
Examining data/chocolate-doom-3.0.1/pcsound/pcsound_linux.c
Examining data/chocolate-doom-3.0.1/pcsound/pcsound_sdl.c
Examining data/chocolate-doom-3.0.1/pcsound/pcsound_win32.c
Examining data/chocolate-doom-3.0.1/pkg/osx/AppController.h
Examining data/chocolate-doom-3.0.1/pkg/osx/Execute.h
Examining data/chocolate-doom-3.0.1/pkg/osx/IWADController.h
Examining data/chocolate-doom-3.0.1/pkg/osx/LauncherManager.h
Examining data/chocolate-doom-3.0.1/src/aes_prng.c
Examining data/chocolate-doom-3.0.1/src/aes_prng.h
Examining data/chocolate-doom-3.0.1/src/d_dedicated.c
Examining data/chocolate-doom-3.0.1/src/d_event.c
Examining data/chocolate-doom-3.0.1/src/d_event.h
Examining data/chocolate-doom-3.0.1/src/d_iwad.c
Examining data/chocolate-doom-3.0.1/src/d_iwad.h
Examining data/chocolate-doom-3.0.1/src/d_loop.c
Examining data/chocolate-doom-3.0.1/src/d_loop.h
Examining data/chocolate-doom-3.0.1/src/d_mode.c
Examining data/chocolate-doom-3.0.1/src/d_mode.h
Examining data/chocolate-doom-3.0.1/src/d_ticcmd.h
Examining data/chocolate-doom-3.0.1/src/deh_defs.h
Examining data/chocolate-doom-3.0.1/src/deh_io.c
Examining data/chocolate-doom-3.0.1/src/deh_io.h
Examining data/chocolate-doom-3.0.1/src/deh_main.c
Examining data/chocolate-doom-3.0.1/src/deh_main.h
Examining data/chocolate-doom-3.0.1/src/deh_mapping.c
Examining data/chocolate-doom-3.0.1/src/deh_mapping.h
Examining data/chocolate-doom-3.0.1/src/deh_str.c
Examining data/chocolate-doom-3.0.1/src/deh_str.h
Examining data/chocolate-doom-3.0.1/src/deh_text.c
Examining data/chocolate-doom-3.0.1/src/doom/am_map.c
Examining data/chocolate-doom-3.0.1/src/doom/am_map.h
Examining data/chocolate-doom-3.0.1/src/doom/d_englsh.h
Examining data/chocolate-doom-3.0.1/src/doom/d_items.c
Examining data/chocolate-doom-3.0.1/src/doom/d_items.h
Examining data/chocolate-doom-3.0.1/src/doom/d_main.c
Examining data/chocolate-doom-3.0.1/src/doom/d_main.h
Examining data/chocolate-doom-3.0.1/src/doom/d_net.c
Examining data/chocolate-doom-3.0.1/src/doom/d_player.h
Examining data/chocolate-doom-3.0.1/src/doom/d_textur.h
Examining data/chocolate-doom-3.0.1/src/doom/d_think.h
Examining data/chocolate-doom-3.0.1/src/doom/deh_ammo.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_bexstr.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_cheat.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_doom.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_frame.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_misc.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_misc.h
Examining data/chocolate-doom-3.0.1/src/doom/deh_ptr.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_sound.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_thing.c
Examining data/chocolate-doom-3.0.1/src/doom/deh_weapon.c
Examining data/chocolate-doom-3.0.1/src/doom/doomdata.h
Examining data/chocolate-doom-3.0.1/src/doom/doomdef.c
Examining data/chocolate-doom-3.0.1/src/doom/doomdef.h
Examining data/chocolate-doom-3.0.1/src/doom/doomstat.c
Examining data/chocolate-doom-3.0.1/src/doom/doomstat.h
Examining data/chocolate-doom-3.0.1/src/doom/dstrings.c
Examining data/chocolate-doom-3.0.1/src/doom/dstrings.h
Examining data/chocolate-doom-3.0.1/src/doom/f_finale.c
Examining data/chocolate-doom-3.0.1/src/doom/f_finale.h
Examining data/chocolate-doom-3.0.1/src/doom/f_wipe.c
Examining data/chocolate-doom-3.0.1/src/doom/f_wipe.h
Examining data/chocolate-doom-3.0.1/src/doom/g_game.c
Examining data/chocolate-doom-3.0.1/src/doom/g_game.h
Examining data/chocolate-doom-3.0.1/src/doom/hu_lib.c
Examining data/chocolate-doom-3.0.1/src/doom/hu_lib.h
Examining data/chocolate-doom-3.0.1/src/doom/hu_stuff.c
Examining data/chocolate-doom-3.0.1/src/doom/hu_stuff.h
Examining data/chocolate-doom-3.0.1/src/doom/info.c
Examining data/chocolate-doom-3.0.1/src/doom/info.h
Examining data/chocolate-doom-3.0.1/src/doom/m_menu.c
Examining data/chocolate-doom-3.0.1/src/doom/m_menu.h
Examining data/chocolate-doom-3.0.1/src/doom/m_random.c
Examining data/chocolate-doom-3.0.1/src/doom/m_random.h
Examining data/chocolate-doom-3.0.1/src/doom/p_ceilng.c
Examining data/chocolate-doom-3.0.1/src/doom/p_doors.c
Examining data/chocolate-doom-3.0.1/src/doom/p_enemy.c
Examining data/chocolate-doom-3.0.1/src/doom/p_floor.c
Examining data/chocolate-doom-3.0.1/src/doom/p_inter.c
Examining data/chocolate-doom-3.0.1/src/doom/p_inter.h
Examining data/chocolate-doom-3.0.1/src/doom/p_lights.c
Examining data/chocolate-doom-3.0.1/src/doom/p_local.h
Examining data/chocolate-doom-3.0.1/src/doom/p_map.c
Examining data/chocolate-doom-3.0.1/src/doom/p_maputl.c
Examining data/chocolate-doom-3.0.1/src/doom/p_mobj.c
Examining data/chocolate-doom-3.0.1/src/doom/p_mobj.h
Examining data/chocolate-doom-3.0.1/src/doom/p_plats.c
Examining data/chocolate-doom-3.0.1/src/doom/p_pspr.c
Examining data/chocolate-doom-3.0.1/src/doom/p_pspr.h
Examining data/chocolate-doom-3.0.1/src/doom/p_saveg.c
Examining data/chocolate-doom-3.0.1/src/doom/p_saveg.h
Examining data/chocolate-doom-3.0.1/src/doom/p_setup.c
Examining data/chocolate-doom-3.0.1/src/doom/p_setup.h
Examining data/chocolate-doom-3.0.1/src/doom/p_sight.c
Examining data/chocolate-doom-3.0.1/src/doom/p_spec.c
Examining data/chocolate-doom-3.0.1/src/doom/p_spec.h
Examining data/chocolate-doom-3.0.1/src/doom/p_switch.c
Examining data/chocolate-doom-3.0.1/src/doom/p_telept.c
Examining data/chocolate-doom-3.0.1/src/doom/p_tick.c
Examining data/chocolate-doom-3.0.1/src/doom/p_tick.h
Examining data/chocolate-doom-3.0.1/src/doom/p_user.c
Examining data/chocolate-doom-3.0.1/src/doom/r_bsp.c
Examining data/chocolate-doom-3.0.1/src/doom/r_bsp.h
Examining data/chocolate-doom-3.0.1/src/doom/r_data.c
Examining data/chocolate-doom-3.0.1/src/doom/r_data.h
Examining data/chocolate-doom-3.0.1/src/doom/r_defs.h
Examining data/chocolate-doom-3.0.1/src/doom/r_draw.c
Examining data/chocolate-doom-3.0.1/src/doom/r_draw.h
Examining data/chocolate-doom-3.0.1/src/doom/r_local.h
Examining data/chocolate-doom-3.0.1/src/doom/r_main.c
Examining data/chocolate-doom-3.0.1/src/doom/r_main.h
Examining data/chocolate-doom-3.0.1/src/doom/r_plane.c
Examining data/chocolate-doom-3.0.1/src/doom/r_plane.h
Examining data/chocolate-doom-3.0.1/src/doom/r_segs.c
Examining data/chocolate-doom-3.0.1/src/doom/r_segs.h
Examining data/chocolate-doom-3.0.1/src/doom/r_sky.c
Examining data/chocolate-doom-3.0.1/src/doom/r_sky.h
Examining data/chocolate-doom-3.0.1/src/doom/r_state.h
Examining data/chocolate-doom-3.0.1/src/doom/r_things.c
Examining data/chocolate-doom-3.0.1/src/doom/r_things.h
Examining data/chocolate-doom-3.0.1/src/doom/s_sound.c
Examining data/chocolate-doom-3.0.1/src/doom/s_sound.h
Examining data/chocolate-doom-3.0.1/src/doom/sounds.c
Examining data/chocolate-doom-3.0.1/src/doom/sounds.h
Examining data/chocolate-doom-3.0.1/src/doom/st_lib.c
Examining data/chocolate-doom-3.0.1/src/doom/st_lib.h
Examining data/chocolate-doom-3.0.1/src/doom/st_stuff.c
Examining data/chocolate-doom-3.0.1/src/doom/st_stuff.h
Examining data/chocolate-doom-3.0.1/src/doom/statdump.c
Examining data/chocolate-doom-3.0.1/src/doom/statdump.h
Examining data/chocolate-doom-3.0.1/src/doom/wi_stuff.c
Examining data/chocolate-doom-3.0.1/src/doom/wi_stuff.h
Examining data/chocolate-doom-3.0.1/src/doomkeys.h
Examining data/chocolate-doom-3.0.1/src/doomtype.h
Examining data/chocolate-doom-3.0.1/src/gusconf.c
Examining data/chocolate-doom-3.0.1/src/gusconf.h
Examining data/chocolate-doom-3.0.1/src/heretic/am_data.h
Examining data/chocolate-doom-3.0.1/src/heretic/am_map.c
Examining data/chocolate-doom-3.0.1/src/heretic/am_map.h
Examining data/chocolate-doom-3.0.1/src/heretic/ct_chat.c
Examining data/chocolate-doom-3.0.1/src/heretic/ct_chat.h
Examining data/chocolate-doom-3.0.1/src/heretic/d_main.c
Examining data/chocolate-doom-3.0.1/src/heretic/d_net.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_ammo.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_frame.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_htext.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_htic.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_htic.h
Examining data/chocolate-doom-3.0.1/src/heretic/deh_sound.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_thing.c
Examining data/chocolate-doom-3.0.1/src/heretic/deh_weapon.c
Examining data/chocolate-doom-3.0.1/src/heretic/doomdata.h
Examining data/chocolate-doom-3.0.1/src/heretic/doomdef.h
Examining data/chocolate-doom-3.0.1/src/heretic/dstrings.h
Examining data/chocolate-doom-3.0.1/src/heretic/f_finale.c
Examining data/chocolate-doom-3.0.1/src/heretic/g_game.c
Examining data/chocolate-doom-3.0.1/src/heretic/in_lude.c
Examining data/chocolate-doom-3.0.1/src/heretic/info.c
Examining data/chocolate-doom-3.0.1/src/heretic/info.h
Examining data/chocolate-doom-3.0.1/src/heretic/m_random.c
Examining data/chocolate-doom-3.0.1/src/heretic/m_random.h
Examining data/chocolate-doom-3.0.1/src/heretic/mn_menu.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_action.h
Examining data/chocolate-doom-3.0.1/src/heretic/p_ceilng.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_doors.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_enemy.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_floor.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_inter.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_lights.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_local.h
Examining data/chocolate-doom-3.0.1/src/heretic/p_map.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_maputl.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_mobj.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_plats.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_pspr.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_saveg.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_setup.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_sight.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_spec.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_spec.h
Examining data/chocolate-doom-3.0.1/src/heretic/p_switch.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_telept.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_tick.c
Examining data/chocolate-doom-3.0.1/src/heretic/p_user.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_bsp.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_data.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_draw.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_local.h
Examining data/chocolate-doom-3.0.1/src/heretic/r_main.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_plane.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_segs.c
Examining data/chocolate-doom-3.0.1/src/heretic/r_things.c
Examining data/chocolate-doom-3.0.1/src/heretic/s_sound.c
Examining data/chocolate-doom-3.0.1/src/heretic/s_sound.h
Examining data/chocolate-doom-3.0.1/src/heretic/sb_bar.c
Examining data/chocolate-doom-3.0.1/src/heretic/sounds.c
Examining data/chocolate-doom-3.0.1/src/heretic/sounds.h
Examining data/chocolate-doom-3.0.1/src/hexen/a_action.c
Examining data/chocolate-doom-3.0.1/src/hexen/am_data.h
Examining data/chocolate-doom-3.0.1/src/hexen/am_map.c
Examining data/chocolate-doom-3.0.1/src/hexen/am_map.h
Examining data/chocolate-doom-3.0.1/src/hexen/ct_chat.c
Examining data/chocolate-doom-3.0.1/src/hexen/ct_chat.h
Examining data/chocolate-doom-3.0.1/src/hexen/d_net.c
Examining data/chocolate-doom-3.0.1/src/hexen/f_finale.c
Examining data/chocolate-doom-3.0.1/src/hexen/g_game.c
Examining data/chocolate-doom-3.0.1/src/hexen/h2_main.c
Examining data/chocolate-doom-3.0.1/src/hexen/h2def.h
Examining data/chocolate-doom-3.0.1/src/hexen/in_lude.c
Examining data/chocolate-doom-3.0.1/src/hexen/info.c
Examining data/chocolate-doom-3.0.1/src/hexen/info.h
Examining data/chocolate-doom-3.0.1/src/hexen/m_random.c
Examining data/chocolate-doom-3.0.1/src/hexen/m_random.h
Examining data/chocolate-doom-3.0.1/src/hexen/p_anim.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_ceilng.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_doors.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_enemy.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_floor.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_inter.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_lights.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_local.h
Examining data/chocolate-doom-3.0.1/src/hexen/p_map.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_maputl.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_mobj.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_plats.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_pspr.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_setup.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_sight.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_spec.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_switch.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_telept.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_things.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_tick.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_user.c
Examining data/chocolate-doom-3.0.1/src/hexen/po_man.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_bsp.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_data.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_draw.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_local.h
Examining data/chocolate-doom-3.0.1/src/hexen/r_main.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_plane.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_segs.c
Examining data/chocolate-doom-3.0.1/src/hexen/r_things.c
Examining data/chocolate-doom-3.0.1/src/hexen/s_sound.c
Examining data/chocolate-doom-3.0.1/src/hexen/s_sound.h
Examining data/chocolate-doom-3.0.1/src/hexen/sb_bar.c
Examining data/chocolate-doom-3.0.1/src/hexen/sc_man.c
Examining data/chocolate-doom-3.0.1/src/hexen/sn_sonix.c
Examining data/chocolate-doom-3.0.1/src/hexen/sounds.c
Examining data/chocolate-doom-3.0.1/src/hexen/sounds.h
Examining data/chocolate-doom-3.0.1/src/hexen/st_start.c
Examining data/chocolate-doom-3.0.1/src/hexen/st_start.h
Examining data/chocolate-doom-3.0.1/src/hexen/textdefs.h
Examining data/chocolate-doom-3.0.1/src/hexen/xddefs.h
Examining data/chocolate-doom-3.0.1/src/hexen/p_spec.h
Examining data/chocolate-doom-3.0.1/src/hexen/sv_save.c
Examining data/chocolate-doom-3.0.1/src/hexen/p_acs.c
Examining data/chocolate-doom-3.0.1/src/hexen/mn_menu.c
Examining data/chocolate-doom-3.0.1/src/i_cdmus.c
Examining data/chocolate-doom-3.0.1/src/i_cdmus.h
Examining data/chocolate-doom-3.0.1/src/i_endoom.c
Examining data/chocolate-doom-3.0.1/src/i_endoom.h
Examining data/chocolate-doom-3.0.1/src/i_input.c
Examining data/chocolate-doom-3.0.1/src/i_input.h
Examining data/chocolate-doom-3.0.1/src/i_joystick.c
Examining data/chocolate-doom-3.0.1/src/i_joystick.h
Examining data/chocolate-doom-3.0.1/src/i_main.c
Examining data/chocolate-doom-3.0.1/src/i_midipipe.c
Examining data/chocolate-doom-3.0.1/src/i_midipipe.h
Examining data/chocolate-doom-3.0.1/src/i_oplmusic.c
Examining data/chocolate-doom-3.0.1/src/i_pcsound.c
Examining data/chocolate-doom-3.0.1/src/i_sdlmusic.c
Examining data/chocolate-doom-3.0.1/src/i_sdlsound.c
Examining data/chocolate-doom-3.0.1/src/i_sound.c
Examining data/chocolate-doom-3.0.1/src/i_sound.h
Examining data/chocolate-doom-3.0.1/src/i_swap.h
Examining data/chocolate-doom-3.0.1/src/i_system.c
Examining data/chocolate-doom-3.0.1/src/i_system.h
Examining data/chocolate-doom-3.0.1/src/i_timer.c
Examining data/chocolate-doom-3.0.1/src/i_timer.h
Examining data/chocolate-doom-3.0.1/src/i_video.c
Examining data/chocolate-doom-3.0.1/src/i_video.h
Examining data/chocolate-doom-3.0.1/src/i_videohr.c
Examining data/chocolate-doom-3.0.1/src/i_videohr.h
Examining data/chocolate-doom-3.0.1/src/icon.c
Examining data/chocolate-doom-3.0.1/src/m_argv.c
Examining data/chocolate-doom-3.0.1/src/m_argv.h
Examining data/chocolate-doom-3.0.1/src/m_bbox.c
Examining data/chocolate-doom-3.0.1/src/m_bbox.h
Examining data/chocolate-doom-3.0.1/src/m_cheat.c
Examining data/chocolate-doom-3.0.1/src/m_cheat.h
Examining data/chocolate-doom-3.0.1/src/m_config.c
Examining data/chocolate-doom-3.0.1/src/m_config.h
Examining data/chocolate-doom-3.0.1/src/m_controls.c
Examining data/chocolate-doom-3.0.1/src/m_controls.h
Examining data/chocolate-doom-3.0.1/src/m_fixed.c
Examining data/chocolate-doom-3.0.1/src/m_fixed.h
Examining data/chocolate-doom-3.0.1/src/m_misc.c
Examining data/chocolate-doom-3.0.1/src/m_misc.h
Examining data/chocolate-doom-3.0.1/src/memio.c
Examining data/chocolate-doom-3.0.1/src/memio.h
Examining data/chocolate-doom-3.0.1/src/midifile.c
Examining data/chocolate-doom-3.0.1/src/midifile.h
Examining data/chocolate-doom-3.0.1/src/mus2mid.c
Examining data/chocolate-doom-3.0.1/src/mus2mid.h
Examining data/chocolate-doom-3.0.1/src/net_client.c
Examining data/chocolate-doom-3.0.1/src/net_client.h
Examining data/chocolate-doom-3.0.1/src/net_common.c
Examining data/chocolate-doom-3.0.1/src/net_common.h
Examining data/chocolate-doom-3.0.1/src/net_dedicated.c
Examining data/chocolate-doom-3.0.1/src/net_dedicated.h
Examining data/chocolate-doom-3.0.1/src/net_defs.h
Examining data/chocolate-doom-3.0.1/src/net_gui.c
Examining data/chocolate-doom-3.0.1/src/net_gui.h
Examining data/chocolate-doom-3.0.1/src/net_io.c
Examining data/chocolate-doom-3.0.1/src/net_io.h
Examining data/chocolate-doom-3.0.1/src/net_loop.c
Examining data/chocolate-doom-3.0.1/src/net_loop.h
Examining data/chocolate-doom-3.0.1/src/net_packet.c
Examining data/chocolate-doom-3.0.1/src/net_packet.h
Examining data/chocolate-doom-3.0.1/src/net_query.c
Examining data/chocolate-doom-3.0.1/src/net_query.h
Examining data/chocolate-doom-3.0.1/src/net_sdl.c
Examining data/chocolate-doom-3.0.1/src/net_sdl.h
Examining data/chocolate-doom-3.0.1/src/net_server.c
Examining data/chocolate-doom-3.0.1/src/net_server.h
Examining data/chocolate-doom-3.0.1/src/net_structrw.c
Examining data/chocolate-doom-3.0.1/src/net_structrw.h
Examining data/chocolate-doom-3.0.1/src/setup/compatibility.c
Examining data/chocolate-doom-3.0.1/src/setup/compatibility.h
Examining data/chocolate-doom-3.0.1/src/setup/display.c
Examining data/chocolate-doom-3.0.1/src/setup/display.h
Examining data/chocolate-doom-3.0.1/src/setup/execute.c
Examining data/chocolate-doom-3.0.1/src/setup/execute.h
Examining data/chocolate-doom-3.0.1/src/setup/joystick.c
Examining data/chocolate-doom-3.0.1/src/setup/joystick.h
Examining data/chocolate-doom-3.0.1/src/setup/keyboard.c
Examining data/chocolate-doom-3.0.1/src/setup/keyboard.h
Examining data/chocolate-doom-3.0.1/src/setup/mainmenu.c
Examining data/chocolate-doom-3.0.1/src/setup/mode.c
Examining data/chocolate-doom-3.0.1/src/setup/mode.h
Examining data/chocolate-doom-3.0.1/src/setup/mouse.c
Examining data/chocolate-doom-3.0.1/src/setup/mouse.h
Examining data/chocolate-doom-3.0.1/src/setup/multiplayer.c
Examining data/chocolate-doom-3.0.1/src/setup/multiplayer.h
Examining data/chocolate-doom-3.0.1/src/setup/setup_icon.c
Examining data/chocolate-doom-3.0.1/src/setup/sound.c
Examining data/chocolate-doom-3.0.1/src/setup/sound.h
Examining data/chocolate-doom-3.0.1/src/setup/txt_joyaxis.c
Examining data/chocolate-doom-3.0.1/src/setup/txt_joyaxis.h
Examining data/chocolate-doom-3.0.1/src/setup/txt_joybinput.c
Examining data/chocolate-doom-3.0.1/src/setup/txt_joybinput.h
Examining data/chocolate-doom-3.0.1/src/setup/txt_keyinput.c
Examining data/chocolate-doom-3.0.1/src/setup/txt_keyinput.h
Examining data/chocolate-doom-3.0.1/src/setup/txt_mouseinput.c
Examining data/chocolate-doom-3.0.1/src/setup/txt_mouseinput.h
Examining data/chocolate-doom-3.0.1/src/sha1.c
Examining data/chocolate-doom-3.0.1/src/sha1.h
Examining data/chocolate-doom-3.0.1/src/strife/am_map.c
Examining data/chocolate-doom-3.0.1/src/strife/am_map.h
Examining data/chocolate-doom-3.0.1/src/strife/d_englsh.h
Examining data/chocolate-doom-3.0.1/src/strife/d_items.c
Examining data/chocolate-doom-3.0.1/src/strife/d_items.h
Examining data/chocolate-doom-3.0.1/src/strife/d_main.c
Examining data/chocolate-doom-3.0.1/src/strife/d_main.h
Examining data/chocolate-doom-3.0.1/src/strife/d_net.c
Examining data/chocolate-doom-3.0.1/src/strife/d_player.h
Examining data/chocolate-doom-3.0.1/src/strife/d_textur.h
Examining data/chocolate-doom-3.0.1/src/strife/d_think.h
Examining data/chocolate-doom-3.0.1/src/strife/deh_ammo.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_cheat.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_frame.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_misc.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_misc.h
Examining data/chocolate-doom-3.0.1/src/strife/deh_ptr.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_sound.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_strife.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_thing.c
Examining data/chocolate-doom-3.0.1/src/strife/deh_weapon.c
Examining data/chocolate-doom-3.0.1/src/strife/doomdata.h
Examining data/chocolate-doom-3.0.1/src/strife/doomdef.c
Examining data/chocolate-doom-3.0.1/src/strife/doomdef.h
Examining data/chocolate-doom-3.0.1/src/strife/doomstat.c
Examining data/chocolate-doom-3.0.1/src/strife/doomstat.h
Examining data/chocolate-doom-3.0.1/src/strife/dstrings.c
Examining data/chocolate-doom-3.0.1/src/strife/dstrings.h
Examining data/chocolate-doom-3.0.1/src/strife/f_finale.c
Examining data/chocolate-doom-3.0.1/src/strife/f_finale.h
Examining data/chocolate-doom-3.0.1/src/strife/f_wipe.c
Examining data/chocolate-doom-3.0.1/src/strife/f_wipe.h
Examining data/chocolate-doom-3.0.1/src/strife/g_game.c
Examining data/chocolate-doom-3.0.1/src/strife/g_game.h
Examining data/chocolate-doom-3.0.1/src/strife/hu_lib.c
Examining data/chocolate-doom-3.0.1/src/strife/hu_lib.h
Examining data/chocolate-doom-3.0.1/src/strife/hu_stuff.c
Examining data/chocolate-doom-3.0.1/src/strife/hu_stuff.h
Examining data/chocolate-doom-3.0.1/src/strife/info.c
Examining data/chocolate-doom-3.0.1/src/strife/info.h
Examining data/chocolate-doom-3.0.1/src/strife/m_menu.c
Examining data/chocolate-doom-3.0.1/src/strife/m_menu.h
Examining data/chocolate-doom-3.0.1/src/strife/m_random.c
Examining data/chocolate-doom-3.0.1/src/strife/m_random.h
Examining data/chocolate-doom-3.0.1/src/strife/m_saves.c
Examining data/chocolate-doom-3.0.1/src/strife/m_saves.h
Examining data/chocolate-doom-3.0.1/src/strife/p_ceilng.c
Examining data/chocolate-doom-3.0.1/src/strife/p_dialog.c
Examining data/chocolate-doom-3.0.1/src/strife/p_dialog.h
Examining data/chocolate-doom-3.0.1/src/strife/p_doors.c
Examining data/chocolate-doom-3.0.1/src/strife/p_enemy.c
Examining data/chocolate-doom-3.0.1/src/strife/p_floor.c
Examining data/chocolate-doom-3.0.1/src/strife/p_inter.c
Examining data/chocolate-doom-3.0.1/src/strife/p_inter.h
Examining data/chocolate-doom-3.0.1/src/strife/p_lights.c
Examining data/chocolate-doom-3.0.1/src/strife/p_local.h
Examining data/chocolate-doom-3.0.1/src/strife/p_map.c
Examining data/chocolate-doom-3.0.1/src/strife/p_maputl.c
Examining data/chocolate-doom-3.0.1/src/strife/p_mobj.c
Examining data/chocolate-doom-3.0.1/src/strife/p_mobj.h
Examining data/chocolate-doom-3.0.1/src/strife/p_plats.c
Examining data/chocolate-doom-3.0.1/src/strife/p_pspr.c
Examining data/chocolate-doom-3.0.1/src/strife/p_pspr.h
Examining data/chocolate-doom-3.0.1/src/strife/p_saveg.c
Examining data/chocolate-doom-3.0.1/src/strife/p_saveg.h
Examining data/chocolate-doom-3.0.1/src/strife/p_setup.c
Examining data/chocolate-doom-3.0.1/src/strife/p_setup.h
Examining data/chocolate-doom-3.0.1/src/strife/p_sight.c
Examining data/chocolate-doom-3.0.1/src/strife/p_spec.c
Examining data/chocolate-doom-3.0.1/src/strife/p_spec.h
Examining data/chocolate-doom-3.0.1/src/strife/p_switch.c
Examining data/chocolate-doom-3.0.1/src/strife/p_telept.c
Examining data/chocolate-doom-3.0.1/src/strife/p_tick.c
Examining data/chocolate-doom-3.0.1/src/strife/p_tick.h
Examining data/chocolate-doom-3.0.1/src/strife/p_user.c
Examining data/chocolate-doom-3.0.1/src/strife/r_bsp.c
Examining data/chocolate-doom-3.0.1/src/strife/r_bsp.h
Examining data/chocolate-doom-3.0.1/src/strife/r_data.c
Examining data/chocolate-doom-3.0.1/src/strife/r_data.h
Examining data/chocolate-doom-3.0.1/src/strife/r_defs.h
Examining data/chocolate-doom-3.0.1/src/strife/r_draw.c
Examining data/chocolate-doom-3.0.1/src/strife/r_draw.h
Examining data/chocolate-doom-3.0.1/src/strife/r_local.h
Examining data/chocolate-doom-3.0.1/src/strife/r_main.c
Examining data/chocolate-doom-3.0.1/src/strife/r_main.h
Examining data/chocolate-doom-3.0.1/src/strife/r_plane.c
Examining data/chocolate-doom-3.0.1/src/strife/r_plane.h
Examining data/chocolate-doom-3.0.1/src/strife/r_segs.c
Examining data/chocolate-doom-3.0.1/src/strife/r_segs.h
Examining data/chocolate-doom-3.0.1/src/strife/r_sky.c
Examining data/chocolate-doom-3.0.1/src/strife/r_sky.h
Examining data/chocolate-doom-3.0.1/src/strife/r_state.h
Examining data/chocolate-doom-3.0.1/src/strife/r_things.c
Examining data/chocolate-doom-3.0.1/src/strife/r_things.h
Examining data/chocolate-doom-3.0.1/src/strife/s_sound.c
Examining data/chocolate-doom-3.0.1/src/strife/s_sound.h
Examining data/chocolate-doom-3.0.1/src/strife/sounds.c
Examining data/chocolate-doom-3.0.1/src/strife/sounds.h
Examining data/chocolate-doom-3.0.1/src/strife/st_lib.c
Examining data/chocolate-doom-3.0.1/src/strife/st_lib.h
Examining data/chocolate-doom-3.0.1/src/strife/st_stuff.c
Examining data/chocolate-doom-3.0.1/src/strife/st_stuff.h
Examining data/chocolate-doom-3.0.1/src/strife/wi_stuff.c
Examining data/chocolate-doom-3.0.1/src/strife/wi_stuff.h
Examining data/chocolate-doom-3.0.1/src/tables.c
Examining data/chocolate-doom-3.0.1/src/tables.h
Examining data/chocolate-doom-3.0.1/src/v_diskicon.c
Examining data/chocolate-doom-3.0.1/src/v_diskicon.h
Examining data/chocolate-doom-3.0.1/src/v_patch.h
Examining data/chocolate-doom-3.0.1/src/v_video.c
Examining data/chocolate-doom-3.0.1/src/v_video.h
Examining data/chocolate-doom-3.0.1/src/w_checksum.c
Examining data/chocolate-doom-3.0.1/src/w_checksum.h
Examining data/chocolate-doom-3.0.1/src/w_file.c
Examining data/chocolate-doom-3.0.1/src/w_file.h
Examining data/chocolate-doom-3.0.1/src/w_file_posix.c
Examining data/chocolate-doom-3.0.1/src/w_file_stdc.c
Examining data/chocolate-doom-3.0.1/src/w_file_win32.c
Examining data/chocolate-doom-3.0.1/src/w_main.c
Examining data/chocolate-doom-3.0.1/src/w_main.h
Examining data/chocolate-doom-3.0.1/src/w_merge.h
Examining data/chocolate-doom-3.0.1/src/w_wad.c
Examining data/chocolate-doom-3.0.1/src/w_wad.h
Examining data/chocolate-doom-3.0.1/src/z_native.c
Examining data/chocolate-doom-3.0.1/src/z_zone.c
Examining data/chocolate-doom-3.0.1/src/z_zone.h
Examining data/chocolate-doom-3.0.1/src/w_merge.c
Examining data/chocolate-doom-3.0.1/textscreen/examples/calculator.c
Examining data/chocolate-doom-3.0.1/textscreen/examples/guitest.c
Examining data/chocolate-doom-3.0.1/textscreen/fonts/codepage.h
Examining data/chocolate-doom-3.0.1/textscreen/fonts/large.h
Examining data/chocolate-doom-3.0.1/textscreen/fonts/normal.h
Examining data/chocolate-doom-3.0.1/textscreen/fonts/small.h
Examining data/chocolate-doom-3.0.1/textscreen/textscreen.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_button.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_button.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_checkbox.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_checkbox.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_conditional.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_conditional.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_desktop.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_desktop.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_dropdown.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_dropdown.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_fileselect.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_gui.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_gui.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_inputbox.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_inputbox.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_io.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_io.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_label.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_label.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_main.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_radiobutton.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_radiobutton.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_scrollpane.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_scrollpane.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_sdl.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_sdl.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_separator.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_separator.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_strut.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_strut.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_table.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_table.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_utf8.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_utf8.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_widget.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_widget.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_window.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_window.h
Examining data/chocolate-doom-3.0.1/textscreen/txt_window_action.c
Examining data/chocolate-doom-3.0.1/textscreen/txt_window_action.h

FINAL RESULTS:

data/chocolate-doom-3.0.1/src/w_file_win32.c:97:5:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
    MultiByteToWideChar(CP_OEMCP, 0,
data/chocolate-doom-3.0.1/msvc/win_opendir.c:108:4:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
   _tcscpy(nd->dd_name, szFullPath);
data/chocolate-doom-3.0.1/msvc/win_opendir.c:117:7:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
      _tcscat(nd->dd_name, SLASH);
data/chocolate-doom-3.0.1/msvc/win_opendir.c:121:4:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
   _tcscat(nd->dd_name, SUFFIX);
data/chocolate-doom-3.0.1/msvc/win_opendir.c:210:7:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
      _tcscpy(dirp->dd_dir.d_name, dirp->dd_dta.name);
data/chocolate-doom-3.0.1/src/d_dedicated.c:41:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(PACKAGE_NAME " standalone dedicated server\n");
data/chocolate-doom-3.0.1/src/deh_io.c:312:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, msg, args);
data/chocolate-doom-3.0.1/src/deh_io.c:325:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, msg, args);
data/chocolate-doom-3.0.1/src/deh_str.c:397:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(repl, args);
data/chocolate-doom-3.0.1/src/deh_str.c:413:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(fstream, repl, args);
data/chocolate-doom-3.0.1/src/deh_str.h:36:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DEH_printf printf
data/chocolate-doom-3.0.1/src/deh_str.h:37:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DEH_fprintf fprintf
data/chocolate-doom-3.0.1/src/deh_str.h:38:22:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define DEH_snprintf snprintf
data/chocolate-doom-3.0.1/src/doom/d_main.c:1361:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(D_CDROM);
data/chocolate-doom-3.0.1/src/hexen/st_start.c:271:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(message, argptr);
data/chocolate-doom-3.0.1/src/hexen/st_start.c:286:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(message, argptr);
data/chocolate-doom-3.0.1/src/i_system.c:283:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, error, argptr);
data/chocolate-doom-3.0.1/src/m_misc.c:564:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/chocolate-doom-3.0.1/src/m_misc.c:581:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    result = vsnprintf(buf, buf_len, s, args);
data/chocolate-doom-3.0.1/src/net_query.c:651:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    i = vprintf(s, args);
data/chocolate-doom-3.0.1/src/setup/execute.c:138:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(context->stream, s, args);
data/chocolate-doom-3.0.1/src/setup/execute.c:307:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp(argv[0], (char **) argv);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1659:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(D_CDROM);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:67:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execv(argv[0], argv);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:512:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    return system(ZENITY_BINARY " --help >/dev/null 2>&1") == 0;
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:933:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:950:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    result = vsnprintf(buf, buf_len, s, args);
data/chocolate-doom-3.0.1/textscreen/txt_window.c:520:5:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ShellExecute(NULL, "open", url, NULL, NULL, SW_SHOWNORMAL);
data/chocolate-doom-3.0.1/textscreen/txt_window.c:538:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (system("xdg-open --version 2>/dev/null") != 0)
data/chocolate-doom-3.0.1/textscreen/txt_window.c:549:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system(cmd);
data/chocolate-doom-3.0.1/opl/opl.c:135:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    driver_name = getenv("OPL_DRIVER");
data/chocolate-doom-3.0.1/pcsound/pcsound.c:84:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    driver_name = getenv("PCSOUND_DRIVER");
data/chocolate-doom-3.0.1/src/d_iwad.c:622:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("XDG_DATA_HOME");
data/chocolate-doom-3.0.1/src/d_iwad.c:627:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *homedir = getenv("HOME");
data/chocolate-doom-3.0.1/src/d_iwad.c:651:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("XDG_DATA_DIRS");
data/chocolate-doom-3.0.1/src/d_iwad.c:687:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DOOMWADDIR");
data/chocolate-doom-3.0.1/src/d_iwad.c:694:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DOOMWADPATH");
data/chocolate-doom-3.0.1/src/i_oplmusic.c:1726:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dmxoption = getenv("DMXOPTION");
data/chocolate-doom-3.0.1/src/i_video.c:1057:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("XSCREENSAVER_WINDOW");
data/chocolate-doom-3.0.1/src/i_video.c:1341:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("XSCREENSAVER_WINDOW");
data/chocolate-doom-3.0.1/src/m_misc.c:244:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    tempdir = getenv("TEMP");
data/chocolate-doom-3.0.1/src/net_client.c:1117:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        net_player_name = getenv("USER");
data/chocolate-doom-3.0.1/src/net_client.c:1119:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        net_player_name = getenv("USERNAME");
data/chocolate-doom-3.0.1/src/net_defs.h:202:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    int random;  // [Strife only]
data/chocolate-doom-3.0.1/src/net_sdl.c:186:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(time(NULL));
data/chocolate-doom-3.0.1/src/net_sdl.c:216:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(time(NULL));
data/chocolate-doom-3.0.1/src/net_structrw.c:81:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    NET_WriteInt8(packet, settings->random);
data/chocolate-doom-3.0.1/src/net_structrw.c:110:64:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
           && NET_ReadInt8(packet, (unsigned int *) &settings->random)
data/chocolate-doom-3.0.1/src/setup/display.c:94:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        system_video_env_set = getenv("SDL_VIDEODRIVER") != NULL;
data/chocolate-doom-3.0.1/src/setup/execute.c:63:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    tempdir = getenv("TEMP");
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1098:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        net_player_name = getenv("USER");
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1103:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        net_player_name = getenv("USERNAME");
data/chocolate-doom-3.0.1/src/strife/d_net.c:127:28:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    randomparm = settings->random;
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:171:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("TEXTSCREEN_FONT");
data/chocolate-doom-3.0.1/midiproc/buffer.c:85:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf->data_end, data, len);
data/chocolate-doom-3.0.1/midiproc/main.c:426:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[1024];
data/chocolate-doom-3.0.1/msvc/win_opendir.h:30:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char           d_name[FILENAME_MAX]; /* File name. */
data/chocolate-doom-3.0.1/msvc/win_opendir.h:60:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char dd_name[1];
data/chocolate-doom-3.0.1/opl/examples/droplay.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8];
data/chocolate-doom-3.0.1/opl/examples/droplay.c:152:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    timer_data.fstream = fopen(filename, "rb");
data/chocolate-doom-3.0.1/opl/ioperm_sys.c:174:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t driver_path[MAX_PATH];
data/chocolate-doom-3.0.1/opl/opl_queue.c:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&queue->entries[entry_id],
data/chocolate-doom-3.0.1/opl/opl_queue.c:179:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&queue->entries[i],
data/chocolate-doom-3.0.1/opl/opl_queue.c:187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&queue->entries[i], entry, sizeof(opl_queue_entry_t));
data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:186:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    speaker_handle = open(SPEAKER_DEVICE, O_WRONLY);
data/chocolate-doom-3.0.1/pcsound/pcsound_linux.c:121:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    console_handle = open(CONSOLE_DEVICE, O_WRONLY);
data/chocolate-doom-3.0.1/src/d_iwad.c:60:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *iwad_dirs[MAX_IWAD_DIRS];
data/chocolate-doom-3.0.1/src/d_loop.c:376:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        settings->extratics = atoi(myargv[i+1]);
data/chocolate-doom-3.0.1/src/d_loop.c:391:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        settings->ticdup = atoi(myargv[i+1]);
data/chocolate-doom-3.0.1/src/deh_io.c:91:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fstream = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/deh_io.c:218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newbuffer, context->readbuffer, context->readbuffer_size);
data/chocolate-doom-3.0.1/src/deh_main.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char section_name[20];
data/chocolate-doom-3.0.1/src/deh_str.c:188:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sub->to_text, to_text, len);
data/chocolate-doom-3.0.1/src/deh_str.c:198:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sub->from_text, from_text, len);
data/chocolate-doom-3.0.1/src/deh_str.c:202:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sub->to_text, to_text, len);
data/chocolate-doom-3.0.1/src/doom/am_map.c:485:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/doom/am_map.c:498:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/doom/am_map.c:603:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[20];
data/chocolate-doom-3.0.1/src/doom/d_main.c:124:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		wadfile[1024];		// primary wad file
data/chocolate-doom-3.0.1/src/doom/d_main.c:125:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		mapdir[1024];           // directory of development maps
data/chocolate-doom-3.0.1/src/doom/d_main.c:397:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[12];
data/chocolate-doom-3.0.1/src/doom/d_main.c:887:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char            title[128];
data/chocolate-doom-3.0.1/src/doom/d_main.c:972:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char demolumpname[6];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[256];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char demolumpname[9];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1388:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    scale = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[23][8]=
data/chocolate-doom-3.0.1/src/doom/d_main.c:1731:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	timelimit = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1761:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            startmap = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1806:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        startloadgame = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_net.c:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char exitmsg[80];
data/chocolate-doom-3.0.1/src/doom/deh_ammo.c:69:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_bexstr.c:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[10];
data/chocolate-doom-3.0.1/src/doom/deh_frame.c:128:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_misc.c:174:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_ptr.c:102:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_sound.c:86:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_thing.c:105:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_weapon.c:77:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/doomdata.h:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		toptexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		bottomtexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		midtexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		floorpic[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ceilingpic[8];
data/chocolate-doom-3.0.1/src/doom/doomstat.h:248:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern	char		basedefault[1024];
data/chocolate-doom-3.0.1/src/doom/f_finale.c:247:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), 64);
data/chocolate-doom-3.0.1/src/doom/f_finale.c:252:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63);
data/chocolate-doom-3.0.1/src/doom/f_finale.c:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[10];
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(array, dest, width*height*sizeof(*dest));
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wipe_scr, wipe_scr_start, width*height*sizeof(*wipe_scr));
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wipe_scr, wipe_scr_start, width*height*sizeof(*wipe_scr));
data/chocolate-doom-3.0.1/src/doom/g_game.c:224:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     savedescription[32]; 
data/chocolate-doom-3.0.1/src/doom/g_game.c:915:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cmd, &netcmds[i], sizeof(ticcmd_t));
data/chocolate-doom-3.0.1/src/doom/g_game.c:939:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                static char turbomessage[80];
data/chocolate-doom-3.0.1/src/doom/g_game.c:940:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                extern char *player_names[4];
data/chocolate-doom-3.0.1/src/doom/g_game.c:1538:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	savename[256];
data/chocolate-doom-3.0.1/src/doom/g_game.c:1552:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    save_stream = fopen(savename, "rb");
data/chocolate-doom-3.0.1/src/doom/g_game.c:1622:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    save_stream = fopen(temp_savegame_file, "wb");
data/chocolate-doom-3.0.1/src/doom/g_game.c:1629:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        save_stream = fopen(recovery_savegame_file, "wb");
data/chocolate-doom-3.0.1/src/doom/g_game.c:1943:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_demobuffer, demobuffer, current_length);
data/chocolate-doom-3.0.1/src/doom/g_game.c:2030:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	maxsize = atoi(myargv[i+1])*1024;
data/chocolate-doom-3.0.1/src/doom/g_game.c:2113:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char resultbuf[16];
data/chocolate-doom-3.0.1/src/doom/hu_lib.h:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	l[HU_MAXLINELENGTH+1];	// line of text
data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:65:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chat_macros[10] =
data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:94:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		chat_dest[MAXPLAYERS];
data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[9];
data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:529:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	chatchars[QUEUESIZE];
data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:582:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char		lastmessage[HU_MAXLINELENGTH+1];
data/chocolate-doom-3.0.1/src/doom/hu_stuff.h:56:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *chat_macros[10];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:102:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gammamsg[5][26] =
data/chocolate-doom-3.0.1/src/doom/m_menu.c:117:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char			saveOldString[SAVESTRINGSIZE];  
data/chocolate-doom-3.0.1/src/doom/m_menu.c:126:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char			savegamestrings[10][SAVESTRINGSIZE];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:128:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	endstring[160];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[10];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:170:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    *skullName[2] = {"M_SKULL1","M_SKULL2"};
data/chocolate-doom-3.0.1/src/doom/m_menu.c:509:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    name[256];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:515:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	handle = fopen(name, "rb");
data/chocolate-doom-3.0.1/src/doom/m_menu.c:576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    name[256];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:697:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    tempstring[80];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:944:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *detailNames[2] = {"M_GDHIGH","M_GDLOW"};
data/chocolate-doom-3.0.1/src/doom/m_menu.c:945:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *msgNames[2] = {"M_MSGOFF","M_MSGON"};
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char debug[1024];
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		string[80];
data/chocolate-doom-3.0.1/src/doom/m_random.c:24:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char rndtable[256] = {
data/chocolate-doom-3.0.1/src/doom/p_mobj.c:772:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (deathmatch_p, mthing, sizeof(*mthing));
data/chocolate-doom-3.0.1/src/doom/p_saveg.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basename[32];
data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VERSIONSIZE]; 
data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vcheck[VERSIONSIZE]; 
data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char read_vcheck[VERSIONSIZE];
data/chocolate-doom-3.0.1/src/doom/p_setup.c:761:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	lumpname[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	endname[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	startname[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name1[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name2[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	frontFrame1[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	frontFrame2[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	frontFrame3[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:436:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	frontFrame4[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:437:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	backFrame1[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:438:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	backFrame2[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	backFrame3[9];
data/chocolate-doom-3.0.1/src/doom/p_spec.h:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	backFrame4[9];
data/chocolate-doom-3.0.1/src/doom/r_data.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[8];
data/chocolate-doom-3.0.1/src/doom/r_data.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[8];		
data/chocolate-doom-3.0.1/src/doom/r_data.c:212:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (cache + position, source, count);
data/chocolate-doom-3.0.1/src/doom/r_data.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[9];
data/chocolate-doom-3.0.1/src/doom/r_data.c:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	namet[9];
data/chocolate-doom-3.0.1/src/doom/r_data.c:730:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (namet, name,8);
data/chocolate-doom-3.0.1/src/doom/r_draw.c:862:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), 64); 
data/chocolate-doom-3.0.1/src/doom/r_draw.c:868:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63); 
data/chocolate-doom-3.0.1/src/doom/r_draw.c:931:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + ofs, background_buffer + ofs, count * sizeof(*I_VideoBuffer));
data/chocolate-doom-3.0.1/src/doom/r_segs.c:718:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (lastopening, ceilingclip+start, sizeof(*lastopening)*(rw_stopx-start));
data/chocolate-doom-3.0.1/src/doom/r_segs.c:726:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (lastopening, floorclip+start, sizeof(*lastopening)*(rw_stopx-start));
data/chocolate-doom-3.0.1/src/doom/r_things.c:270:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (sprites[i].spriteframes, sprtemp, maxframe*sizeof(spriteframe_t));
data/chocolate-doom-3.0.1/src/doom/s_sound.c:657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/doom/st_stuff.c:516:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[3];
data/chocolate-doom-3.0.1/src/doom/st_stuff.c:594:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char buf[ST_MSGWIDTH];
data/chocolate-doom-3.0.1/src/doom/st_stuff.c:606:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		buf[3];
data/chocolate-doom-3.0.1/src/doom/st_stuff.c:1101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	namebuf[9];
data/chocolate-doom-3.0.1/src/doom/statdump.c:303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&captured_stats[num_captured_stats], stats,
data/chocolate-doom-3.0.1/src/doom/statdump.c:338:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            dumpfile = fopen(myargv[i + 1], "w");
data/chocolate-doom-3.0.1/src/doom/wi_stuff.c:1557:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];
data/chocolate-doom-3.0.1/src/gusconf.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *patch_names[MAX_INSTRUMENTS];
data/chocolate-doom-3.0.1/src/gusconf.c:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[6];
data/chocolate-doom-3.0.1/src/gusconf.c:125:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    instr_id = atoi(fields[0]);
data/chocolate-doom-3.0.1/src/gusconf.c:133:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mapped_id = atoi(fields[MappingIndex()]);
data/chocolate-doom-3.0.1/src/gusconf.c:232:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fstream = fopen(path, "w");
data/chocolate-doom-3.0.1/src/heretic/am_map.c:830:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + i * finit_width, maplump + j + mapxstart,
data/chocolate-doom-3.0.1/src/heretic/am_map.c:832:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + i * finit_width + finit_width - mapxstart,
data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:62:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char chat_msg[MAXPLAYERS][MESSAGESIZE];
data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:63:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char plr_lastmsg[MAXPLAYERS][MESSAGESIZE + 9];  // add in the length of the pre-string
data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *CT_FromPlrText[MAXPLAYERS] = {
data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:78:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chat_macros[10];
data/chocolate-doom-3.0.1/src/heretic/ct_chat.h:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *chat_macros[10];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:239:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[20];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:241:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        debugfile = fopen(filename, "w");
data/chocolate-doom-3.0.1/src/heretic/d_main.c:483:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char smsg[80];                  // status bar line
data/chocolate-doom-3.0.1/src/heretic/d_main.c:591:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(textScreen, loading, 4000);
data/chocolate-doom-3.0.1/src/heretic/d_main.c:613:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmsg[300];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[12];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:732:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[256];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:733:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char demolumpname[9];
data/chocolate-doom-3.0.1/src/heretic/d_main.c:1024:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[64];
data/chocolate-doom-3.0.1/src/heretic/d_net.c:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char exitmsg[80];
data/chocolate-doom-3.0.1/src/heretic/deh_ammo.c:69:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/heretic/deh_frame.c:286:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/heretic/deh_sound.c:95:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                       variable_name, atoi(value));
data/chocolate-doom-3.0.1/src/heretic/deh_thing.c:109:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/heretic/deh_weapon.c:89:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/heretic/doomdata.h:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toptexture[8], bottomtexture[8], midtexture[8];
data/chocolate-doom-3.0.1/src/heretic/doomdata.h:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char floorpic[8], ceilingpic[8];
data/chocolate-doom-3.0.1/src/heretic/doomdata.h:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:173:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:178:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:272:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer, p1, SCREENHEIGHT * SCREENWIDTH);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:278:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer, p2 + SCREENHEIGHT * SCREENWIDTH - yval, yval);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:279:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + yval, p1, SCREENHEIGHT * SCREENWIDTH - yval);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:285:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer, p2, SCREENWIDTH * SCREENHEIGHT);
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[10];
data/chocolate-doom-3.0.1/src/heretic/g_game.c:112:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char demoname[32];
data/chocolate-doom-3.0.1/src/heretic/g_game.c:201:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char savedescription[32];
data/chocolate-doom-3.0.1/src/heretic/g_game.c:991:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cmd, &netcmds[i], sizeof(ticcmd_t));
data/chocolate-doom-3.0.1/src/heretic/g_game.c:1488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char savestr[SAVESTRINGSIZE];
data/chocolate-doom-3.0.1/src/heretic/g_game.c:1489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vcheck[VERSIONSIZE], readversion[VERSIONSIZE];
data/chocolate-doom-3.0.1/src/heretic/g_game.c:1570:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *skyLumpNames[5] = {
data/chocolate-doom-3.0.1/src/heretic/g_game.c:1712:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_demobuffer, demobuffer, current_length);
data/chocolate-doom-3.0.1/src/heretic/g_game.c:1827:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        maxsize = atoi(myargv[i + 1]) * 1024;
data/chocolate-doom-3.0.1/src/heretic/g_game.c:2039:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char verString[VERSIONSIZE];
data/chocolate-doom-3.0.1/src/heretic/in_lude.c:582:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/heretic/in_lude.c:587:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:145:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char SlotText[6][SLOTTEXTLEN + 2];
data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:146:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char oldSlotText[SLOTTEXTLEN + 2];
data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:646:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen(filename, "rb+");
data/chocolate-doom-3.0.1/src/heretic/p_mobj.c:1044:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(deathmatch_p, mthing, sizeof(*mthing));
data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:63:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    SaveGameFP = fopen(fileName, "wb");
data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:68:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    SaveGameFP = fopen(filename, "rb");
data/chocolate-doom-3.0.1/src/heretic/p_setup.c:546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lumpname[9];
data/chocolate-doom-3.0.1/src/heretic/p_setup.c:627:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            TimerGame = atoi(myargv[parm + 1]) * 35 * 60;
data/chocolate-doom-3.0.1/src/heretic/p_spec.h:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char endname[9];
data/chocolate-doom-3.0.1/src/heretic/p_spec.h:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startname[9];
data/chocolate-doom-3.0.1/src/heretic/p_spec.h:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name1[9];
data/chocolate-doom-3.0.1/src/heretic/p_spec.h:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name2[9];
data/chocolate-doom-3.0.1/src/heretic/r_data.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];               // for switch changing, etc
data/chocolate-doom-3.0.1/src/heretic/r_data.c:117:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cache + position, source, count);
data/chocolate-doom-3.0.1/src/heretic/r_data.c:305:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9], *names, *name_p;
data/chocolate-doom-3.0.1/src/heretic/r_data.c:577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namet[9];
data/chocolate-doom-3.0.1/src/heretic/r_data.c:583:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(namet, name, 8);
data/chocolate-doom-3.0.1/src/heretic/r_draw.c:394:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/heretic/r_draw.c:399:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/heretic/r_draw.c:460:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/heretic/r_draw.c:465:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/heretic/r_segs.c:639:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lastopening, ceilingclip + start, 2 * (rw_stopx - start));
data/chocolate-doom-3.0.1/src/heretic/r_segs.c:646:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lastopening, floorclip + start, 2 * (rw_stopx - start));
data/chocolate-doom-3.0.1/src/heretic/r_things.c:230:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sprites[i].spriteframes, sprtemp,
data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[32];
data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:1181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:1229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/heretic/sounds.h:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/chocolate-doom-3.0.1/src/heretic/sounds.h:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/chocolate-doom-3.0.1/src/hexen/am_map.c:729:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + i * finit_width, maplump + j + mapxstart,
data/chocolate-doom-3.0.1/src/hexen/am_map.c:731:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + i * finit_width + finit_width - mapxstart,
data/chocolate-doom-3.0.1/src/hexen/am_map.c:1427:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *PlayerColorText[MAXPLAYERS] = {
data/chocolate-doom-3.0.1/src/hexen/am_map.c:1443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textBuffer[80];
data/chocolate-doom-3.0.1/src/hexen/am_map.c:1516:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timeBuffer[15];
data/chocolate-doom-3.0.1/src/hexen/am_map.c:1517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dayBuffer[20];
data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:67:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char chat_msg[MAXPLAYERS][MESSAGESIZE];
data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:68:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char plr_lastmsg[MAXPLAYERS][MESSAGESIZE + 9];
data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *CT_FromPlrText[MAXPLAYERS] = {
data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:87:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chat_macros[10] = {
data/chocolate-doom-3.0.1/src/hexen/ct_chat.h:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *chat_macros[10];
data/chocolate-doom-3.0.1/src/hexen/d_net.c:50:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char exitmsg[80];
data/chocolate-doom-3.0.1/src/hexen/d_net.c:199:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        connect_data->player_class = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/hexen/f_finale.c:173:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(I_VideoBuffer, W_CacheLumpNum(FinaleLumpNum, PU_CACHE),
data/chocolate-doom-3.0.1/src/hexen/f_finale.c:314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(I_VideoBuffer, W_CacheLumpNum(FinaleLumpNum, PU_CACHE),
data/chocolate-doom-3.0.1/src/hexen/g_game.c:95:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char demoname[32];
data/chocolate-doom-3.0.1/src/hexen/g_game.c:168:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char savedescription[32];
data/chocolate-doom-3.0.1/src/hexen/g_game.c:1015:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cmd, &netcmds[i], sizeof(ticcmd_t));
data/chocolate-doom-3.0.1/src/hexen/g_game.c:1880:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_demobuffer, demobuffer, current_length);
data/chocolate-doom-3.0.1/src/hexen/g_game.c:1995:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        maxsize = atoi(myargv[i + 1]) * 1024;
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:98:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char demolumpname[9];    // Demo lump to start playing.
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:173:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[12];
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:521:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        G_LoadGame(atoi(myargv[p + 1]));
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:668:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char file[256];
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:729:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        WarpMap = atoi(myargv[p + 1]);
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:763:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[20];
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:765:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        debugfile = fopen(filename, "w");
data/chocolate-doom-3.0.1/src/hexen/h2_main.c:1052:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    G_LoadGame(atoi(myargv[p + 1]));
data/chocolate-doom-3.0.1/src/hexen/h2def.h:555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[80];           // hint messages
data/chocolate-doom-3.0.1/src/hexen/h2def.h:1011:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char ClusterMessage[MAX_INTRMSN_MESSAGE_SIZE];
data/chocolate-doom-3.0.1/src/hexen/in_lude.c:64:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ClusterMessage[MAX_INTRMSN_MESSAGE_SIZE];
data/chocolate-doom-3.0.1/src/hexen/in_lude.c:406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(I_VideoBuffer, (byte *) patchINTERPIC, SCREENWIDTH * SCREENHEIGHT);
data/chocolate-doom-3.0.1/src/hexen/in_lude.c:530:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[8] = "XX";
data/chocolate-doom-3.0.1/src/hexen/in_lude.c:548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[8] = "XX";
data/chocolate-doom-3.0.1/src/hexen/m_random.c:24:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char rndtable[256] = {
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:151:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char SlotText[6][SLOTTEXTLEN + 2];
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:152:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char oldSlotText[SLOTTEXTLEN + 2];
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:598:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *boxLumpName[3] = {
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:603:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *walkLumpName[3] = {
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:679:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionText[HXS_VERSION_TEXT_LENGTH];
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:683:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(name, "rb");
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:710:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char description[HXS_DESCRIPTION_LENGTH];
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:717:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(SlotText[slot], description, SLOTTEXTLEN);
data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:1777:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(I_VideoBuffer,
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:187:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char EvalContext[64];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:193:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char PrintBuffer[PRINT_BUFFER_SIZE];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:575:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ErrorMsg[128];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:662:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ACSStore[index].args, args, MAX_SCRIPT_ARGS);
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char LockedBuffer[80];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:680:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *TextKeyMessages[11];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:1803:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempStr[16];
data/chocolate-doom-3.0.1/src/hexen/p_acs.c:1812:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempStr[2];
data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:951:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(mo->args, oldMonster.args, 5);
data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:959:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mo->args, oldMonster.args, 5);
data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:1120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&starttime, mo->args, sizeof(unsigned int));
data/chocolate-doom-3.0.1/src/hexen/p_inter.c:714:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *artifactMessages[NUMARTIFACTS] = {
data/chocolate-doom-3.0.1/src/hexen/p_inter.c:1638:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(monster->args, oldMonster.args, 5);
data/chocolate-doom-3.0.1/src/hexen/p_mobj.c:1403:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(deathmatch_p, mthing, sizeof(*mthing));
data/chocolate-doom-3.0.1/src/hexen/p_mobj.c:1438:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(player_start, mthing, sizeof(mapthing_t));
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char songLump[10];
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lumpname[9];
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:749:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            TimerGame = atoi(myargv[parm + 1]) * 35 * 60;
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char songMulch[10];
data/chocolate-doom-3.0.1/src/hexen/p_setup.c:844:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(info, &MapInfo[0], sizeof(*info));
data/chocolate-doom-3.0.1/src/hexen/p_spec.c:411:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *TextKeyMessages[11];
data/chocolate-doom-3.0.1/src/hexen/p_spec.c:412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char LockedBuffer[80];
data/chocolate-doom-3.0.1/src/hexen/p_spec.h:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name1[9];
data/chocolate-doom-3.0.1/src/hexen/p_spec.h:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name2[9];
data/chocolate-doom-3.0.1/src/hexen/r_data.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];               // for switch changing, etc
data/chocolate-doom-3.0.1/src/hexen/r_data.c:112:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cache + position, source, count);
data/chocolate-doom-3.0.1/src/hexen/r_data.c:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9], *names, *name_p;
data/chocolate-doom-3.0.1/src/hexen/r_data.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namet[9];
data/chocolate-doom-3.0.1/src/hexen/r_data.c:539:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(namet, name, 8);
data/chocolate-doom-3.0.1/src/hexen/r_draw.c:329:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(translationtables + i * 256, transLump, 256);
data/chocolate-doom-3.0.1/src/hexen/r_draw.c:462:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/hexen/r_draw.c:467:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/hexen/r_draw.c:528:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), 64);
data/chocolate-doom-3.0.1/src/hexen/r_draw.c:533:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63);
data/chocolate-doom-3.0.1/src/hexen/r_segs.c:632:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lastopening, ceilingclip + start, 2 * (rw_stopx - start));
data/chocolate-doom-3.0.1/src/hexen/r_segs.c:639:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lastopening, floorclip + start, 2 * (rw_stopx - start));
data/chocolate-doom-3.0.1/src/hexen/r_things.c:233:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sprites[i].spriteframes, sprtemp,
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:246:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    { memcpy(cheat.sequence, seq, sizeof(seq)); \
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:636:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[32];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1743:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapName[9];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1744:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1794:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1851:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1884:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textBuffer[50];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textBuffer[40];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1971:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1973:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char args[2];
data/chocolate-doom-3.0.1/src/hexen/sc_man.c:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ScriptName[16];
data/chocolate-doom-3.0.1/src/hexen/sc_man.c:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char StringBuffer[MAX_STRING_SIZE];
data/chocolate-doom-3.0.1/src/hexen/sc_man.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[128];
data/chocolate-doom-3.0.1/src/hexen/sn_sonix.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[SS_SEQUENCE_NAME_LENGTH];
data/chocolate-doom-3.0.1/src/hexen/sn_sonix.c:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(SequenceData[i], tempDataStart, dataSize);
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1928:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionText[HXS_VERSION_TEXT_LENGTH];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2028:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2029:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char version_text[HXS_VERSION_TEXT_LENGTH];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sourceName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destName[100];
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3261:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    read_handle = fopen(source_name, "rb");
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3280:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    write_handle = fopen(dest_name, "wb");
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3326:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(name, "rb")) != NULL)
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3345:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    SavingFP = fopen(fileName, "rb");
data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3350:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    SavingFP = fopen(fileName, "wb");
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toptexture[8];
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bottomtexture[8];
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char midtexture[8];
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char floorpic[8];
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ceilingpic[8];
data/chocolate-doom-3.0.1/src/hexen/xddefs.h:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/chocolate-doom-3.0.1/src/i_endoom.c:56:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(screendata + (y * TXT_SCREEN_W * 2),
data/chocolate-doom-3.0.1/src/i_joystick.c:398:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[32];
data/chocolate-doom-3.0.1/src/i_midipipe.c:381:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR dirname[MAX_PATH + 1];
data/chocolate-doom-3.0.1/src/i_midipipe.c:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char snd_samplerate_buf[8];
data/chocolate-doom-3.0.1/src/i_oplmusic.c:315:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char (*main_instr_names)[32];
data/chocolate-doom-3.0.1/src/i_oplmusic.c:316:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char (*percussion_names)[32];
data/chocolate-doom-3.0.1/src/i_oplmusic.c:374:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        (char (*)[32]) (percussion_instrs + GENMIDI_NUM_PERCUSSION);
data/chocolate-doom-3.0.1/src/i_oplmusic.c:1835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[80];
data/chocolate-doom-3.0.1/src/i_pcsound.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:146:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	return atoi(value);
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:157:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            result = result * 60 + atoi(num_start);
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:169:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return (result * 60 + atoi(num_start)) * samplerate_hz;
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[4];
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:384:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fs = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:476:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&subst_music[subst_music_len - 1], subst, sizeof(subst_music_t));
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:635:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:641:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fs = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:746:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:752:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fs = fopen(filename, "w");
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:811:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fstream = fopen(write_path, "w");
data/chocolate-doom-3.0.1/src/i_sdlsound.c:555:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    wav = fopen(filename, "wb");
data/chocolate-doom-3.0.1/src/i_sdlsound.c:637:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(convertor.buf, data, length);
data/chocolate-doom-3.0.1/src/i_sdlsound.c:641:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(chunk->abuf, convertor.buf, chunk->alen);
data/chocolate-doom-3.0.1/src/i_sdlsound.c:772:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[16];
data/chocolate-doom-3.0.1/src/i_sdlsound.c:817:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/i_sdlsound.c:884:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/i_sound.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];
data/chocolate-doom-3.0.1/src/i_system.c:143:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        default_ram = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/i_system.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[512];
data/chocolate-doom-3.0.1/src/i_system.c:364:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mem_dump_dos622[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:366:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mem_dump_win98[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:368:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mem_dump_dosbox[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:370:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char mem_dump_custom[DOS_MEM_DUMP_SIZE];
data/chocolate-doom-3.0.1/src/i_video.c:804:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(scr, I_VideoBuffer, SCREENWIDTH*SCREENHEIGHT*sizeof(*scr));
data/chocolate-doom-3.0.1/src/i_video.c:972:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        window_width = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/i_video.c:989:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        window_height = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/i_video.c:1345:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char winenv[30];
data/chocolate-doom-3.0.1/src/m_argv.c:89:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = fopen(response_filename, "rb");
data/chocolate-doom-3.0.1/src/m_cheat.c:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, cht->parameter_buf, cht->parameter_chars);
data/chocolate-doom-3.0.1/src/m_cheat.h:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sequence[MAX_CHEAT_LEN];
data/chocolate-doom-3.0.1/src/m_cheat.h:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parameter_buf[MAX_CHEAT_PARAMS];
data/chocolate-doom-3.0.1/src/m_config.c:1715:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen (collection->filename, "w");
data/chocolate-doom-3.0.1/src/m_config.c:1873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defname[80];
data/chocolate-doom-3.0.1/src/m_config.c:1874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strparm[100];
data/chocolate-doom-3.0.1/src/m_config.c:1877:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(collection->filename, "r");
data/chocolate-doom-3.0.1/src/m_controls.c:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];  // haleyjd: 20 not large enough - Thank you, come again!
data/chocolate-doom-3.0.1/src/m_misc.c:70:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fstream = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/m_misc.c:186:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = fopen(name, "wb");
data/chocolate-doom-3.0.1/src/m_misc.c:211:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = fopen(name, "rb");
data/chocolate-doom-3.0.1/src/m_misc.c:614:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_OEMCP, 0, oem, len, tmp, len);
data/chocolate-doom-3.0.1/src/memio.c:79:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, stream->buf + stream->position, items * size);
data/chocolate-doom-3.0.1/src/memio.c:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newbuf, stream->buf, stream->alloced);
data/chocolate-doom-3.0.1/src/memio.c:134:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stream->buf + stream->position, ptr, bytes);
data/chocolate-doom-3.0.1/src/midifile.c:601:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(filename, "rb");
data/chocolate-doom-3.0.1/src/net_client.c:494:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&net_client_wait_data, &wait_data, sizeof(net_waitdata_t));
data/chocolate-doom-3.0.1/src/net_client.c:976:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(net_local_wad_sha1sum, data->wad_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_client.c:977:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(net_local_deh_sha1sum, data->deh_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_client.c:1067:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_settings, &settings, sizeof(net_gamesettings_t));
data/chocolate-doom-3.0.1/src/net_defs.h:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char player_names[NET_MAXPLAYERS][MAXPLAYERNAME];
data/chocolate-doom-3.0.1/src/net_defs.h:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char player_addrs[NET_MAXPLAYERS][MAXPLAYERNAME];
data/chocolate-doom-3.0.1/src/net_gui.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[50];
data/chocolate-doom-3.0.1/src/net_gui.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[50];
data/chocolate-doom-3.0.1/src/net_gui.c:372:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        expected_nodes = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/net_io.c:116:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[128];
data/chocolate-doom-3.0.1/src/net_packet.c:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newpacket->data, packet->data, packet->len);
data/chocolate-doom-3.0.1/src/net_packet.c:249:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newdata, packet->data, packet->len);
data/chocolate-doom-3.0.1/src/net_query.c:295:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&target->data, &querydata, sizeof(net_querydata_t));
data/chocolate-doom-3.0.1/src/net_sdl.c:118:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_addr_table, addr_table, 
data/chocolate-doom-3.0.1/src/net_sdl.c:172:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        port = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/net_sdl.c:203:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        port = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/net_sdl.c:292:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((*packet)->data, recvpacket->data, recvpacket->len);
data/chocolate-doom-3.0.1/src/net_sdl.c:322:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char portbuf[10];
data/chocolate-doom-3.0.1/src/net_sdl.c:342:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	addr_port = atoi(colon + 1);
data/chocolate-doom-3.0.1/src/net_server.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/chocolate-doom-3.0.1/src/net_server.c:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/chocolate-doom-3.0.1/src/net_server.c:413:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&wait_data.wad_sha1sum, &controller->wad_sha1sum,
data/chocolate-doom-3.0.1/src/net_server.c:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&wait_data.deh_sha1sum, &controller->deh_sha1sum,
data/chocolate-doom-3.0.1/src/net_server.c:629:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char reject_msg[256];
data/chocolate-doom-3.0.1/src/net_server.c:735:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client->wad_sha1sum, data.wad_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_server.c:736:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client->deh_sha1sum, data.deh_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/setup/display.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[15];
data/chocolate-doom-3.0.1/src/setup/execute.c:121:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    result->stream = fopen(result->response_file, "w");
data/chocolate-doom-3.0.1/src/setup/execute.c:170:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_OEMCP, 0,
data/chocolate-doom-3.0.1/src/setup/execute.c:181:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t exe_path[MAX_PATH];
data/chocolate-doom-3.0.1/src/setup/execute.c:213:5:  [2] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    wcscat(result, L"\" \"");
data/chocolate-doom-3.0.1/src/setup/execute.c:295:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *argv[3];
data/chocolate-doom-3.0.1/src/setup/joystick.c:657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/src/setup/joystick.c:1105:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[32];
data/chocolate-doom-3.0.1/src/setup/keyboard.c:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:123:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *chat_macros[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:125:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *wads[NUM_WADS];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:126:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *extra_params[NUM_EXTRA_PARAMS];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:393:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:921:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ping_time_str[16];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char description[47];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[15];
data/chocolate-doom-3.0.1/src/setup/txt_joyaxis.c:429:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[JOYSTICK_AXIS_WIDTH + 1];
data/chocolate-doom-3.0.1/src/setup/txt_joybinput.c:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/chocolate-doom-3.0.1/src/setup/txt_keyinput.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/chocolate-doom-3.0.1/src/setup/txt_mouseinput.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/chocolate-doom-3.0.1/src/sha1.c:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(x, data, 64);
data/chocolate-doom-3.0.1/src/sha1.c:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, hd->buf, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/strife/am_map.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/strife/am_map.c:477:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/strife/am_map.c:584:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[20];
data/chocolate-doom-3.0.1/src/strife/d_main.c:144:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		wadfile[1024];          // primary wad file
data/chocolate-doom-3.0.1/src/strife/d_main.c:145:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		mapdir[1024];           // directory of development maps
data/chocolate-doom-3.0.1/src/strife/d_main.c:461:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[12];
data/chocolate-doom-3.0.1/src/strife/d_main.c:901:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    serialnum = atoi(serial);
data/chocolate-doom-3.0.1/src/strife/d_main.c:925:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char title[128] = "";
data/chocolate-doom-3.0.1/src/strife/d_main.c:1272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[80];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            file[256];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            demolumpname[9];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1687:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            scale = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1740:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msgbuf[80];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1742:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int serialnum = atoi(serial);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1857:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[3][8]=
data/chocolate-doom-3.0.1/src/strife/d_main.c:1933:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        timelimit = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1963:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            startmap = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:2002:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        startloadgame = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_net.c:44:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char exitmsg[80];
data/chocolate-doom-3.0.1/src/strife/deh_ammo.c:69:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_frame.c:126:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_misc.c:174:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_ptr.c:102:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_sound.c:86:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_thing.c:106:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_weapon.c:78:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/doomdata.h:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		toptexture[8];
data/chocolate-doom-3.0.1/src/strife/doomdata.h:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		bottomtexture[8];
data/chocolate-doom-3.0.1/src/strife/doomdata.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		midtexture[8];
data/chocolate-doom-3.0.1/src/strife/doomdata.h:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		floorpic[8];
data/chocolate-doom-3.0.1/src/strife/doomdata.h:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ceilingpic[8];
data/chocolate-doom-3.0.1/src/strife/doomstat.h:246:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern	char		basedefault[1024];
data/chocolate-doom-3.0.1/src/strife/f_wipe.c:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(array, dest, width*height*2);
data/chocolate-doom-3.0.1/src/strife/f_wipe.c:74:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wipe_scr, wipe_scr_start, width*height);
data/chocolate-doom-3.0.1/src/strife/f_wipe.c:133:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wipe_scr, wipe_scr_start, width*height);
data/chocolate-doom-3.0.1/src/strife/g_game.c:227:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     savedescription[32]; 
data/chocolate-doom-3.0.1/src/strife/g_game.c:964:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (cmd, &netcmds[i], sizeof(ticcmd_t)); 
data/chocolate-doom-3.0.1/src/strife/g_game.c:988:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                static char turbomessage[80];
data/chocolate-doom-3.0.1/src/strife/g_game.c:1291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapbuf[33];
data/chocolate-doom-3.0.1/src/strife/g_game.c:1662:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	savename[256];
data/chocolate-doom-3.0.1/src/strife/g_game.c:1682:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    save_stream = fopen(loadpath, "rb");
data/chocolate-doom-3.0.1/src/strife/g_game.c:1803:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gamemapstr[33];
data/chocolate-doom-3.0.1/src/strife/g_game.c:1828:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    save_stream = fopen(temp_savegame_file, "wb");
data/chocolate-doom-3.0.1/src/strife/g_game.c:2128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_demobuffer, demobuffer, current_length);
data/chocolate-doom-3.0.1/src/strife/g_game.c:2212:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        maxsize = atoi(myargv[i+1])*1024;
data/chocolate-doom-3.0.1/src/strife/g_game.c:2279:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char resultbuf[16];
data/chocolate-doom-3.0.1/src/strife/hu_lib.h:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	l[HU_MAXLINELENGTH+1];	// line of text
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:61:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *chat_macros[10] =
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char player_names[8][16] =
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char             chat_dest[MAXPLAYERS];
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[9];
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[HU_MAXLINELENGTH+2];  // esp+52h
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:477:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	chatchars[QUEUESIZE];
data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:543:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char         lastmessage[HU_MAXLINELENGTH+1];
data/chocolate-doom-3.0.1/src/strife/hu_stuff.h:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *chat_macros[10];
data/chocolate-doom-3.0.1/src/strife/hu_stuff.h:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char player_names[8][16];   // villsa [STRIFE]
data/chocolate-doom-3.0.1/src/strife/info.c:33:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *sprnames[NUMSPRITES+1] =
data/chocolate-doom-3.0.1/src/strife/m_menu.c:108:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gammamsg[5][26] =
data/chocolate-doom-3.0.1/src/strife/m_menu.c:122:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char			saveOldString[SAVESTRINGSIZE];  
data/chocolate-doom-3.0.1/src/strife/m_menu.c:135:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char			savegamestrings[10][SAVESTRINGSIZE];
data/chocolate-doom-3.0.1/src/strife/m_menu.c:137:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	endstring[160];
data/chocolate-doom-3.0.1/src/strife/m_menu.c:149:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    *cursorName[8] = {"M_CURS1", "M_CURS2", "M_CURS3", "M_CURS4", 
data/chocolate-doom-3.0.1/src/strife/m_menu.c:554:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        handle = fopen(fname, "rb");
data/chocolate-doom-3.0.1/src/strife/m_menu.c:817:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    tempstring[80];
data/chocolate-doom-3.0.1/src/strife/m_menu.c:1125:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    detailNames[2][9]	= {"M_GDHIGH","M_GDLOW"};
data/chocolate-doom-3.0.1/src/strife/m_menu.c:1126:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	msgNames[2][9]		= {"M_MSGOFF","M_MSGON"};
data/chocolate-doom-3.0.1/src/strife/m_menu.c:1306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/chocolate-doom-3.0.1/src/strife/m_menu.c:2293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		string[80];
data/chocolate-doom-3.0.1/src/strife/m_menu.h:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[10];
data/chocolate-doom-3.0.1/src/strife/m_random.c:29:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char rndtable[256] = {
data/chocolate-doom-3.0.1/src/strife/m_saves.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char character_name[CHARACTER_NAME_LEN]; // Name of "character" for saveslot
data/chocolate-doom-3.0.1/src/strife/m_saves.c:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnum[33];
data/chocolate-doom-3.0.1/src/strife/m_saves.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnum[33];
data/chocolate-doom-3.0.1/src/strife/m_saves.c:294:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((f = fopen(srcpath, "rb")))
data/chocolate-doom-3.0.1/src/strife/m_saves.c:472:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tmpbuffer[32];
data/chocolate-doom-3.0.1/src/strife/m_saves.h:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char character_name[CHARACTER_NAME_LEN];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(field, ptr, len);        \
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char mission_objective[OBJECTIVE_LEN];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:108:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dialoglastmsgbuffer[48];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:111:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pickupstring[46];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *messages[MAXRNDMESSAGES];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lumpname[9];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:1053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char choicetext[64];
data/chocolate-doom-3.0.1/src/strife/p_dialog.c:1054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char choicetext2[64];
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:38:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char mission_objective[OBJECTIVE_LEN];
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[MDLG_CHOICELEN];          // normal text
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textok[MDLG_MSGLEN];           // message given on success
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textno[MDLG_MSGLEN];           // message given on failure
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MDLG_NAMELEN];            // name of speaker
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char voice[MDLG_LUMPLEN];           // voice file to play
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char backpic[MDLG_LUMPLEN];         // backdrop pic for character, if any
data/chocolate-doom-3.0.1/src/strife/p_dialog.h:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[MDLG_TEXTLEN];            // main message text
data/chocolate-doom-3.0.1/src/strife/p_enemy.c:2643:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pmsgbuffer[80];
data/chocolate-doom-3.0.1/src/strife/p_inter.c:427:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pickupmsg[80];
data/chocolate-doom-3.0.1/src/strife/p_inter.c:748:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plrkilledmsg[80];
data/chocolate-doom-3.0.1/src/strife/p_mobj.c:923:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (deathmatch_p, mthing, sizeof(*mthing));
data/chocolate-doom-3.0.1/src/strife/p_saveg.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basename[32];
data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VERSIONSIZE]; 
data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vcheck[VERSIONSIZE]; 
data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1633:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char read_vcheck[VERSIONSIZE];
data/chocolate-doom-3.0.1/src/strife/p_setup.c:754:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    lumpname[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	endname[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	startname[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.c:577:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char crosslinestr[90];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name1[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name2[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:457:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame1[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame2[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:459:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame3[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame4[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame5[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame6[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame7[9];
data/chocolate-doom-3.0.1/src/strife/p_spec.h:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    frame8[9];
data/chocolate-doom-3.0.1/src/strife/p_switch.c:442:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char usemessage[92];
data/chocolate-doom-3.0.1/src/strife/p_user.c:50:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char useinventorymsg[44];    // villsa [STRIFE]
data/chocolate-doom-3.0.1/src/strife/r_data.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[8];
data/chocolate-doom-3.0.1/src/strife/r_data.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[8];		
data/chocolate-doom-3.0.1/src/strife/r_data.c:208:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (cache + position, source, count);
data/chocolate-doom-3.0.1/src/strife/r_data.c:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[9];
data/chocolate-doom-3.0.1/src/strife/r_data.c:747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	namet[9];
data/chocolate-doom-3.0.1/src/strife/r_data.c:754:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (namet, name,8);
data/chocolate-doom-3.0.1/src/strife/r_data.c:826:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        name[8];
data/chocolate-doom-3.0.1/src/strife/r_data.c:842:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(name, texture->name, 8);
data/chocolate-doom-3.0.1/src/strife/r_draw.c:855:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), 64); 
data/chocolate-doom-3.0.1/src/strife/r_draw.c:861:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63); 
data/chocolate-doom-3.0.1/src/strife/r_draw.c:924:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(I_VideoBuffer + ofs, background_buffer + ofs, count); 
data/chocolate-doom-3.0.1/src/strife/r_segs.c:729:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (lastopening, ceilingclip+start, 2*(rw_stopx-start));
data/chocolate-doom-3.0.1/src/strife/r_segs.c:737:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (lastopening, floorclip+start, 2*(rw_stopx-start));
data/chocolate-doom-3.0.1/src/strife/r_things.c:273:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (sprites[i].spriteframes, sprtemp, maxframe*sizeof(spriteframe_t));
data/chocolate-doom-3.0.1/src/strife/s_sound.c:586:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lumpnamedup[9];
data/chocolate-doom-3.0.1/src/strife/s_sound.c:768:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[9];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:204:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *invammonames[NUMAMMO] =
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:292:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char st_msgbuf[ST_MSGWIDTH];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:478:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        buf[3];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:658:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char buf[ST_MSGWIDTH];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:670:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char            buf[3];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:700:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char            buf[3];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1032:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char iconname[8];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[16];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1204:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[128];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1287:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char sprname[8];
data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        namebuf[9];
data/chocolate-doom-3.0.1/src/strife/wi_stuff.c:1561:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];
data/chocolate-doom-3.0.1/src/v_diskicon.c:58:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(d, s, w * sizeof(*d));
data/chocolate-doom-3.0.1/src/v_video.c:114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest, src, width * sizeof(*dest));
data/chocolate-doom-3.0.1/src/v_video.c:528:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (dest, src, width * sizeof(*dest));
data/chocolate-doom-3.0.1/src/v_video.c:596:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest_screen, raw, SCREENWIDTH * SCREENHEIGHT);
data/chocolate-doom-3.0.1/src/v_video.c:642:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	palette[48];
data/chocolate-doom-3.0.1/src/v_video.c:649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		filler[58];
data/chocolate-doom-3.0.1/src/v_video.c:754:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = fopen(filename, "wb");
data/chocolate-doom-3.0.1/src/v_video.c:837:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbmname[16]; // haleyjd 20110213: BUG FIX - 12 is too small!
data/chocolate-doom-3.0.1/src/w_checksum.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[9];
data/chocolate-doom-3.0.1/src/w_file_posix.c:82:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = open(path, 0);
data/chocolate-doom-3.0.1/src/w_file_stdc.c:38:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fstream = fopen(path, "rb");
data/chocolate-doom-3.0.1/src/w_file_win32.c:92:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t wpath[MAX_PATH + 1];
data/chocolate-doom-3.0.1/src/w_merge.c:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sprname[4];
data/chocolate-doom-3.0.1/src/w_merge.c:209:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(newframes, sprite_frames,
data/chocolate-doom-3.0.1/src/w_merge.c:219:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result->sprname, name, 4);
data/chocolate-doom-3.0.1/src/w_merge.c:618:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(list->lumps[i], pwad.lumps[index],
data/chocolate-doom-3.0.1/src/w_wad.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		identification[4];
data/chocolate-doom-3.0.1/src/w_wad.c:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[8];
data/chocolate-doom-3.0.1/src/w_wad.c:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[9];
data/chocolate-doom-3.0.1/src/w_wad.c:511:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen ("waddump.txt","w");
data/chocolate-doom-3.0.1/src/w_wad.c:516:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (name,lumpinfo[i].name,8);
data/chocolate-doom-3.0.1/src/w_wad.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[8];
data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/textscreen/examples/guitest.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/chocolate-doom-3.0.1/textscreen/examples/guitest.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/chocolate-doom-3.0.1/textscreen/txt_desktop.c:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keybuf[10];
data/chocolate-doom-3.0.1/textscreen/txt_desktop.c:318:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64];
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:110:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(result + result_len, buf, bytes);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char selected[MAX_PATH] = "";
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char selected[MAX_PATH] = "";
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:474:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *argv[4];
data/chocolate-doom-3.0.1/textscreen/txt_inputbox.c:98:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *((int *) inputbox->value) = atoi(inputbox->buffer);
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[25];
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[25];
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:250:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            spincontrol->value->i = atoi(spincontrol->buffer);
data/chocolate-doom-3.0.1/textscreen/txt_window.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/chocolate-doom-3.0.1/textscreen/txt_window_action.c:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/textscreen/txt_window_action.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/chocolate-doom-3.0.1/msvc/win_opendir.c:95:39:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   nd = (DIR *)(malloc(sizeof(DIR) + (_tcslen(szFullPath)
data/chocolate-doom-3.0.1/msvc/win_opendir.c:96:42:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       + _tcslen(SLASH)
data/chocolate-doom-3.0.1/msvc/win_opendir.c:97:42:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       + _tcslen(SUFFIX) + 1)
data/chocolate-doom-3.0.1/msvc/win_opendir.c:113:12:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					    + _tcslen(nd->dd_name) - 1
data/chocolate-doom-3.0.1/msvc/win_opendir.c:115:18:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      					    + _tcslen(nd->dd_name) - 1)
data/chocolate-doom-3.0.1/msvc/win_opendir.c:209:31:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dirp->dd_dir.d_namlen = _tcslen(dirp->dd_dta.name);
data/chocolate-doom-3.0.1/opl/examples/droplay.c:119:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        reg = fgetc(timer_data->fstream);
data/chocolate-doom-3.0.1/opl/examples/droplay.c:120:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        val = fgetc(timer_data->fstream);
data/chocolate-doom-3.0.1/opl/examples/droplay.c:131:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            val |= (fgetc(timer_data->fstream) << 8);
data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:159:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        result = read(sound_server_pipe[1], &tone, sizeof(tone_t));
data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:273:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(sound_server_pipe[0], &tone, sizeof(tone_t)) < 0)
data/chocolate-doom-3.0.1/src/d_iwad.c:317:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            path = unstr + strlen(UNINSTALLER_STRING);
data/chocolate-doom-3.0.1/src/d_iwad.c:393:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (current_path != NULL && strlen(current_path) > 0)
data/chocolate-doom-3.0.1/src/d_iwad.c:405:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(install_path) + strlen(STEAM_BFG_GUS_PATCHES) + 20;
data/chocolate-doom-3.0.1/src/d_iwad.c:405:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(install_path) + strlen(STEAM_BFG_GUS_PATCHES) + 20;
data/chocolate-doom-3.0.1/src/d_iwad.c:456:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    path_len = strlen(path);
data/chocolate-doom-3.0.1/src/d_iwad.c:457:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename_len = strlen(filename);
data/chocolate-doom-3.0.1/src/deh_io.c:155:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return fgetc(context->stream);
data/chocolate-doom-3.0.1/src/deh_main.c:156:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strending = s + strlen(s) - 1;
data/chocolate-doom-3.0.1/src/deh_main.c:158:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(s) > 0 && isspace(*strending))
data/chocolate-doom-3.0.1/src/deh_main.c:351:17:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
                sscanf(line, "%19s", section_name);
data/chocolate-doom-3.0.1/src/deh_str.c:186:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(to_text) + 1;
data/chocolate-doom-3.0.1/src/deh_str.c:196:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(from_text) + 1;
data/chocolate-doom-3.0.1/src/deh_str.c:200:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(to_text) + 1;
data/chocolate-doom-3.0.1/src/doom/d_main.c:689:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gamename_size = strlen(deh_sub) + 10;
data/chocolate-doom-3.0.1/src/doom/d_main.c:700:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while (gamename[0] != '\0' && isspace(gamename[strlen(gamename)-1]))
data/chocolate-doom-3.0.1/src/doom/d_main.c:702:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gamename[strlen(gamename) - 1] = '\0';
data/chocolate-doom-3.0.1/src/doom/d_main.c:941:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (deh_s[strlen(deh_s) - 1] != '\n')
data/chocolate-doom-3.0.1/src/doom/d_main.c:1172:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t chex_deh_len = strlen(iwadfile) + 9;
data/chocolate-doom-3.0.1/src/doom/deh_bexstr.c:340:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(line, "%9s", s) == 0 || strncmp("[STRINGS]", s, sizeof(s)))
data/chocolate-doom-3.0.1/src/doom/f_finale.c:207:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     && finalecount>strlen (finaletext)*TEXTSPEED + TEXTWAIT)
data/chocolate-doom-3.0.1/src/doom/g_game.c:2015:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    demoname_size = strlen(name) + 5;
data/chocolate-doom-3.0.1/src/doom/m_menu.c:671:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    saveCharIndex = strlen(savegamestrings[choice]);
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1269:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0;i < strlen(string);i++)
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1293:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0;i < strlen(string);i++)
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1964:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen(messageString + start); i++)
data/chocolate-doom-3.0.1/src/doom/m_menu.c:1984:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                start += strlen(string);
data/chocolate-doom-3.0.1/src/doom/p_saveg.c:66:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        filename_size = strlen(savegamedir) + 32;
data/chocolate-doom-3.0.1/src/gusconf.c:101:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = fields[num_fields - 1] + strlen(fields[num_fields - 1]);
data/chocolate-doom-3.0.1/src/heretic/deh_htext.c:813:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          && repl_len > MaxStringLength(strlen(orig_text)))
data/chocolate-doom-3.0.1/src/heretic/f_finale.c:126:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && finalecount > strlen(finaletext) * TEXTSPEED + TEXTWAIT)
data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:47:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename_len = strlen(savegamedir) + strlen(SAVEGAMENAME) + 8;
data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:47:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename_len = strlen(savegamedir) + strlen(SAVEGAMENAME) + 8;
data/chocolate-doom-3.0.1/src/hexen/f_finale.c:124:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                FinaleEndCount = strlen(FinaleText) * TEXTSPEED + TEXTWAIT;
data/chocolate-doom-3.0.1/src/hexen/f_finale.c:128:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                FinaleEndCount = strlen(FinaleText) * TEXTSPEED + TEXTWAIT;
data/chocolate-doom-3.0.1/src/hexen/in_lude.c:198:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                HubCount = strlen(HubText) * TEXTSPEED + TEXTWAIT;
data/chocolate-doom-3.0.1/src/i_input.c:231:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(next_event.text.text) == 1
data/chocolate-doom-3.0.1/src/i_midipipe.c:391:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!UsingNativeMidi() || strlen(snd_musiccmd) > 0)
data/chocolate-doom-3.0.1/src/i_oplmusic.c:371:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    main_instrs = (genmidi_instr_t *) (lump + strlen(GENMIDI_HEADER));
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:614:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(p) > 0 && isspace(p[strlen(p) - 1]))
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:614:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(p) > 0 && isspace(p[strlen(p) - 1]))
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:616:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p[strlen(p) - 1] = '\0';
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:619:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(p) == 0)
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:765:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(name, lumpinfo[lumpnum]->name, 8);
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:966:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(snd_musiccmd) > 0)
data/chocolate-doom-3.0.1/src/i_sdlmusic.c:1251:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(snd_musiccmd) == 0)
data/chocolate-doom-3.0.1/src/i_system.c:163:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int spaces = 35 - (strlen(msg) / 2);
data/chocolate-doom-3.0.1/src/m_cheat.c:42:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cht->parameter_chars > 0 && strlen(cht->sequence) < cht->sequence_len)
data/chocolate-doom-3.0.1/src/m_cheat.c:45:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cht->chars_read < strlen(cht->sequence))
data/chocolate-doom-3.0.1/src/m_cheat.c:68:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cht->chars_read >= strlen(cht->sequence)
data/chocolate-doom-3.0.1/src/m_config.c:1889:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (fscanf(f, "%79s %99[^\n]\n", defname, strparm) != 2)
data/chocolate-doom-3.0.1/src/m_config.c:1911:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (strlen(strparm) > 0 && !isprint(strparm[strlen(strparm)-1]))
data/chocolate-doom-3.0.1/src/m_config.c:1911:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (strlen(strparm) > 0 && !isprint(strparm[strlen(strparm)-1]))
data/chocolate-doom-3.0.1/src/m_config.c:1913:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strparm[strlen(strparm)-1] = '\0';
data/chocolate-doom-3.0.1/src/m_config.c:1917:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(strparm) >= 2
data/chocolate-doom-3.0.1/src/m_config.c:1918:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         && strparm[0] == '"' && strparm[strlen(strparm) - 1] == '"')
data/chocolate-doom-3.0.1/src/m_config.c:1920:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strparm[strlen(strparm) - 1] = '\0';
data/chocolate-doom-3.0.1/src/m_misc.c:140:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(filename) > 1)
data/chocolate-doom-3.0.1/src/m_misc.c:273:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    src = path + strlen(path) - 1;
data/chocolate-doom-3.0.1/src/m_misc.c:353:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    haystack_len = strlen(haystack);
data/chocolate-doom-3.0.1/src/m_misc.c:354:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    needle_len = strlen(needle);
data/chocolate-doom-3.0.1/src/m_misc.c:388:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(orig));
data/chocolate-doom-3.0.1/src/m_misc.c:403:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t needle_len = strlen(needle);
data/chocolate-doom-3.0.1/src/m_misc.c:408:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result_len = strlen(haystack) + 1;
data/chocolate-doom-3.0.1/src/m_misc.c:420:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += strlen(replacement) - needle_len;
data/chocolate-doom-3.0.1/src/m_misc.c:441:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            dst += strlen(replacement);
data/chocolate-doom-3.0.1/src/m_misc.c:442:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            dst_len -= strlen(replacement);
data/chocolate-doom-3.0.1/src/m_misc.c:467:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(dest, src, dest_size - 1);
data/chocolate-doom-3.0.1/src/m_misc.c:474:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(dest);
data/chocolate-doom-3.0.1/src/m_misc.c:485:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    offset = strlen(dest);
data/chocolate-doom-3.0.1/src/m_misc.c:498:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s) > strlen(prefix)
data/chocolate-doom-3.0.1/src/m_misc.c:498:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s) > strlen(prefix)
data/chocolate-doom-3.0.1/src/m_misc.c:499:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strncmp(s, prefix, strlen(prefix)) == 0;
data/chocolate-doom-3.0.1/src/m_misc.c:506:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s) >= strlen(suffix)
data/chocolate-doom-3.0.1/src/m_misc.c:506:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(s) >= strlen(suffix)
data/chocolate-doom-3.0.1/src/m_misc.c:507:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strcmp(s + strlen(s) - strlen(suffix), suffix) == 0;
data/chocolate-doom-3.0.1/src/m_misc.c:507:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strcmp(s + strlen(s) - strlen(suffix), suffix) == 0;
data/chocolate-doom-3.0.1/src/m_misc.c:520:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result_len = strlen(s) + 1;
data/chocolate-doom-3.0.1/src/m_misc.c:531:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += strlen(v);
data/chocolate-doom-3.0.1/src/m_misc.c:609:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned int len = strlen(oem) + 1;
data/chocolate-doom-3.0.1/src/midifile.c:114:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc(stream);
data/chocolate-doom-3.0.1/src/net_packet.c:310:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    string_size = strlen(string) + 1;
data/chocolate-doom-3.0.1/src/net_structrw.c:501:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (s == NULL || strlen(s) >= MAXPLAYERNAME)
data/chocolate-doom-3.0.1/src/net_structrw.c:510:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (s == NULL || strlen(s) >= MAXPLAYERNAME)
data/chocolate-doom-3.0.1/src/setup/execute.c:171:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        value, strlen(value) + 1,
data/chocolate-doom-3.0.1/src/setup/execute.c:172:31:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        buf + wcslen(buf), strlen(value) + 1);
data/chocolate-doom-3.0.1/src/setup/execute.c:172:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        buf + wcslen(buf), strlen(value) + 1);
data/chocolate-doom-3.0.1/src/setup/execute.c:191:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6,
data/chocolate-doom-3.0.1/src/setup/execute.c:191:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6,
data/chocolate-doom-3.0.1/src/setup/execute.c:191:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6,
data/chocolate-doom-3.0.1/src/setup/execute.c:194:5:  [1] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant character.
    wcscpy(result, L"\"");
data/chocolate-doom-3.0.1/src/setup/execute.c:203:9:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        wcsncpy(result + 1, exe_path, sep - exe_path + 1);
data/chocolate-doom-3.0.1/src/setup/execute.c:217:5:  [1] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character.
    wcscat(result, L"\"");
data/chocolate-doom-3.0.1/src/setup/execute.c:279:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len = strlen(program) + path_len + 1;
data/chocolate-doom-3.0.1/src/setup/joystick.c:619:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(known_joysticks[i].name) - 1) != 0)
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:172:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (wads[i] != NULL && strlen(wads[i]) > 0)
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:190:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (extra_params[i] != NULL && strlen(extra_params[i]) > 0)
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:814:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (connect_address == NULL || strlen(connect_address) <= 0)
data/chocolate-doom-3.0.1/src/sha1.c:319:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SHA1_Update(context, (byte *) str, strlen(str) + 1);
data/chocolate-doom-3.0.1/src/strife/d_main.c:794:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            gamename_size = strlen(deh_sub) + 10;
data/chocolate-doom-3.0.1/src/strife/d_main.c:804:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while (gamename[0] != '\0' && isspace(gamename[strlen(gamename)-1]))
data/chocolate-doom-3.0.1/src/strife/d_main.c:805:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                gamename[strlen(gamename) - 1] = '\0';
data/chocolate-doom-3.0.1/src/strife/d_main.c:847:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t  len      = strlen(iwad) + 1;
data/chocolate-doom-3.0.1/src/strife/d_main.c:997:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (deh_s[strlen(deh_s) - 1] != '\n')
data/chocolate-doom-3.0.1/src/strife/d_main.c:1170:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < strlen(string); i++)
data/chocolate-doom-3.0.1/src/strife/d_main.c:1327:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 5);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1331:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 7);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1335:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 9);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1339:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 11);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1343:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 14);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1347:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        D_SetCursorPosition(40 - strlen(string) / 2, 17);
data/chocolate-doom-3.0.1/src/strife/g_game.c:2197:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    demoname_size = strlen(name) + 5;
data/chocolate-doom-3.0.1/src/strife/m_menu.c:773:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    saveCharIndex = strlen(savegamestrings[choice]);
data/chocolate-doom-3.0.1/src/strife/m_menu.c:1496:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0;i < strlen(string);i++)
data/chocolate-doom-3.0.1/src/strife/m_menu.c:1520:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0;i < strlen(string);i++)
data/chocolate-doom-3.0.1/src/strife/m_menu.c:2308:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen(messageString + start); i++)
data/chocolate-doom-3.0.1/src/strife/m_menu.c:2329:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                start += strlen(string);
data/chocolate-doom-3.0.1/src/strife/m_saves.c:351:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(str1);
data/chocolate-doom-3.0.1/src/strife/m_saves.c:363:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(argstr);
data/chocolate-doom-3.0.1/src/strife/p_saveg.c:70:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        filename_size = strlen(savegamedir) + 32;
data/chocolate-doom-3.0.1/src/w_file_posix.c:141:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        result = read(posix_wad->handle, byte_buffer, buffer_len);
data/chocolate-doom-3.0.1/src/w_file_win32.c:98:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        path, strlen(path) + 1,
data/chocolate-doom-3.0.1/src/w_wad.c:143:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strcasecmp(filename+strlen(filename)-3 , "wad" ) )
data/chocolate-doom-3.0.1/src/w_wad.c:219:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(lump_p->name, filerover->name, 8);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:92:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bytes = read(pipefd[0], buf, sizeof(buf));
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:115:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(100 * 1000);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:227:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += 16 + strlen(extensions[i]) * 3;
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:347:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = malloc(strlen(s) + 3);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:380:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += 5 + strlen(extensions[i]) * 2;
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:424:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += strlen(window_title);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:428:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_len += strlen(ext_list);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:459:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result_len = strlen(APPLESCRIPT_WRAPPER) + strlen(selector);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:459:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result_len = strlen(APPLESCRIPT_WRAPPER) + strlen(selector);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:531:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oldlen = strlen(orig);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:579:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = 10 + strlen(window_title);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:597:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len = 30 + strlen(extensions[i]) + strlen(newext);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:597:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len = 30 + strlen(extensions[i]) + strlen(newext);
data/chocolate-doom-3.0.1/textscreen/txt_gui.c:253:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TXT_GotoXY(x + strlen(s), y);
data/chocolate-doom-3.0.1/textscreen/txt_inputbox.c:205:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = inputbox->buffer + strlen(inputbox->buffer);
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:914:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dest, src, dest_len - 1);
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:921:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    offset = strlen(dest);
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:56:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(buf);
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:210:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     && strlen(spincontrol->buffer) < spincontrol->buffer_len - 2)
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:212:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        spincontrol->buffer[strlen(spincontrol->buffer) + 1] = '\0';
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:213:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        spincontrol->buffer[strlen(spincontrol->buffer)] = key;
data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:221:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        spincontrol->buffer[strlen(spincontrol->buffer) - 1] = '\0';
data/chocolate-doom-3.0.1/textscreen/txt_window.c:530:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmd_len = strlen(url) + 30;

ANALYSIS SUMMARY:

Hits = 828
Lines analyzed = 302414 in approximately 5.44 seconds (55590 lines/second)
Physical Source Lines of Code (SLOC) = 210722
Hits@level = [0] 440 [1] 157 [2] 617 [3]  24 [4]  29 [5]   1
Hits@level+ = [0+] 1268 [1+] 828 [2+] 671 [3+]  54 [4+]  30 [5+]   1
Hits/KSLOC@level+ = [0+] 6.01741 [1+] 3.92935 [2+] 3.18429 [3+] 0.256262 [4+] 0.142368 [5+] 0.00474559
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.