Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:265:3: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(hud_msg_buf, &music_filename[strlen(music_filename) - MUSIC_HUDMSG_MAXLEN], MUSIC_HUDMSG_MAXLEN);
data/d1x-rebirth-0.58.1/2d/font.c:903:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/d1x-rebirth-0.58.1/2d/font.c:913:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/d1x-rebirth-0.58.1/arch/ogl/gr.c:1099:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(savename, "%sscrn%04d.tga",SCRNS_DIR, savenum++);
data/d1x-rebirth-0.58.1/arch/ogl/ogl.c:1660:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "textures/%s.png", bitmapname);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:252:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(full_filename, music_filename);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:268:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hud_msg_buf, music_filename);
data/d1x-rebirth-0.58.1/editor/autosave.c:71:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ( delname, mine_filename );
data/d1x-rebirth-0.58.1/editor/autosave.c:94:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ( savename, name );
data/d1x-rebirth-0.58.1/editor/autosave.c:141:4: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(the_time, format, ap);
data/d1x-rebirth-0.58.1/editor/group.c:1059:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ERROR: Unable to open %s\n", filename );
data/d1x-rebirth-0.58.1/editor/group.c:1199:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ERROR: Unable to open %s\n", filename );
data/d1x-rebirth-0.58.1/editor/group.c:1233:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ErrorMessage: You are trying to load %s\n" \
data/d1x-rebirth-0.58.1/editor/kmine.c:194:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ERROR: Unable to open %s\n", filename );
data/d1x-rebirth-0.58.1/editor/med.c:177:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(status_line, format, ap);
data/d1x-rebirth-0.58.1/editor/med.c:185:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(status_line, text);
data/d1x-rebirth-0.58.1/editor/med.c:224:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(sub_status_line, format, ap);
data/d1x-rebirth-0.58.1/editor/med.c:304:2: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf( file, " { %s } ", buffer );
data/d1x-rebirth-0.58.1/editor/med.c:344:4: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line_buffer, " %s %s ", keypress, LispCommand);
data/d1x-rebirth-0.58.1/editor/mine.c:72:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( ErrorMessage, \
data/d1x-rebirth-0.58.1/editor/mine.c:76:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ERROR: Unable to open %s\n", filename );
data/d1x-rebirth-0.58.1/editor/texpage.c:75:4: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(tmap_filename, format, ap);
data/d1x-rebirth-0.58.1/include/dxxerror.h:39:68: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void Error(const char *fmt,...) __noreturn __attribute_gcc_format((printf, 1, 2)); //exit with error code=1, print message
data/d1x-rebirth-0.58.1/include/physfsx.h:197:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, format, args);
data/d1x-rebirth-0.58.1/include/strutil.h:5:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern void snprintf(char *out_string, int size, char * format, ... );
data/d1x-rebirth-0.58.1/main/ai.c:3045:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Ai_error_message, "%s\n", msg);
data/d1x-rebirth-0.58.1/main/automap.c:241:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name_level, "%s %i: ",TXT_LEVEL, Current_level_num);
data/d1x-rebirth-0.58.1/main/automap.c:245:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(name_level, Current_level_name);
data/d1x-rebirth-0.58.1/main/bmread.c:236:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tempname, "%s#%d", fname, i );
data/d1x-rebirth-0.58.1/main/bmread.c:255:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( tempname, "%s#%d", fname, i );
data/d1x-rebirth-0.58.1/main/bmread.c:283:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( rawname, "Sounds/%s.raw", fname );
data/d1x-rebirth-0.58.1/main/bmread.c:589:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ( TmapInfo[texture_count].filename, name );
data/d1x-rebirth-0.58.1/main/bmread.c:682:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(short_name,dest_bm);
data/d1x-rebirth-0.58.1/main/bmread.c:689:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( TmapInfo[texture_count].filename, short_name);
data/d1x-rebirth-0.58.1/main/bmread.c:782:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(WallAnims[clip_num].filename, arg);
data/d1x-rebirth-0.58.1/main/bmread.c:794:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( TmapInfo[texture_count].filename, "%s#%d", arg, clip_count);
data/d1x-rebirth-0.58.1/main/bmread.c:1098:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, &equal_ptr[1]);
data/d1x-rebirth-0.58.1/main/bmread.c:1163:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Robot_names[N_robot_types], name);
data/d1x-rebirth-0.58.1/main/bmread.c:1706:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Powerup_names[n], &equal_ptr[1]);
data/d1x-rebirth-0.58.1/main/console.c:62:3: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer, fmt, arglist);
data/d1x-rebirth-0.58.1/main/credits.c:203:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s", CREDITS_FILE);
data/d1x-rebirth-0.58.1/main/credits.c:206:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename,credits_filename);
data/d1x-rebirth-0.58.1/main/credits.c:221:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(nfile, "%s.txb", filename);
data/d1x-rebirth-0.58.1/main/custom.c:86:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(filename, newext);
data/d1x-rebirth-0.58.1/main/dumpmine.c:81:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(message,format,args);
data/d1x-rebirth-0.58.1/main/dumpmine.c:95:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(message,format,args);
data/d1x-rebirth-0.58.1/main/dumpmine.c:542:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(my_filename, filename);
data/d1x-rebirth-0.58.1/main/dumpmine.c:550:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "ERROR: Unable to open output file %s\n", my_filename );
data/d1x-rebirth-0.58.1/main/endlevel.c:1332:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename,Secret_level_names[-level_num-1]);
data/d1x-rebirth-0.58.1/main/endlevel.c:1334:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename,Level_names[level_num-1]);
data/d1x-rebirth-0.58.1/main/game.c:449:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(savename, "%sscrn%04d.pcx",SCRNS_DIR, savenum++);
data/d1x-rebirth-0.58.1/main/gamecntl.c:457:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(filename, DEMO_EXT);
data/d1x-rebirth-0.58.1/main/gamecntl.c:1274:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( Network_message, "%s %s", TXT_I_AM_A, TXT_CHEATER);
data/d1x-rebirth-0.58.1/main/gamefont.c:152:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(font_conf[gf].font[i].f.name,fn);
data/d1x-rebirth-0.58.1/main/gamefont.c:160:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(font_conf[gf].font[font_conf[gf].num].f.name,fn);
data/d1x-rebirth-0.58.1/main/gamerend.c:309:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(message, "%s (%d%%%% %s)", TXT_DEMO_PLAYBACK, newdemo_get_percent_done(), TXT_DONE);
data/d1x-rebirth-0.58.1/main/gamerend.c:315:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (message, "%s (%dK)", TXT_DEMO_RECORDING, (Newdemo_num_written / 1024));
data/d1x-rebirth-0.58.1/main/gamesave.c:1119:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename,filename_passed);
data/d1x-rebirth-0.58.1/main/gamesave.c:1134:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, filename_passed); // set to what was passed
data/d1x-rebirth-0.58.1/main/gamesave.c:1142:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s%s",MISSION_DIR,filename_passed);
data/d1x-rebirth-0.58.1/main/gamesave.c:1154:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( Gamesave_current_filename, filename );
data/d1x-rebirth-0.58.1/main/gamesave.c:1209:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( ErrorMessage, "Warning: %i errors in %s!\n", Errors_in_mine, Level_being_loaded );
data/d1x-rebirth-0.58.1/main/gameseq.c:724:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(all_hostage_text, "%s%i\n", TXT_FULL_RESCUE_BONUS, all_hostage_points);
data/d1x-rebirth-0.58.1/main/gameseq.c:730:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(endgame_text, "%s%i\n", TXT_SHIP_BONUS, endgame_points);
data/d1x-rebirth-0.58.1/main/gameseq.c:738:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s%i", TXT_SHIELD_BONUS, shield_points); // Return at start to lower menu...
data/d1x-rebirth-0.58.1/main/gameseq.c:739:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s%i", TXT_ENERGY_BONUS, energy_points);
data/d1x-rebirth-0.58.1/main/gameseq.c:740:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s%i", TXT_HOSTAGE_BONUS, hostage_points);
data/d1x-rebirth-0.58.1/main/gameseq.c:741:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s%i", TXT_SKILL_BONUS, skill_points);
data/d1x-rebirth-0.58.1/main/gameseq.c:743:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s", all_hostage_text);
data/d1x-rebirth-0.58.1/main/gameseq.c:745:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(m_str[c++], "%s", endgame_text);
data/d1x-rebirth-0.58.1/main/gameseq.c:747:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. sprintf(m_str[c++], "%s%i\n", TXT_TOTAL_BONUS, shield_points+energy_points+hostage_points+skill_points+all_hostage_points+endgame_points); data/d1x-rebirth-0.58.1/main/gameseq.c:748:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(m_str[c++], "%s%i", TXT_TOTAL_SCORE, Players[Player_num].score); data/d1x-rebirth-0.58.1/main/gameseq.c:758:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title,"%s%s %d %s\n %s %s",is_last_level?"\n\n\n":"\n",TXT_SECRET_LEVEL, -Current_level_num, TXT_COMPLETE, Current_level_name, TXT_DESTROYED); data/d1x-rebirth-0.58.1/main/gameseq.c:760:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title,"%s%s %d %s\n%s %s",is_last_level?"\n\n\n":"\n",TXT_LEVEL, Current_level_num, TXT_COMPLETE, Current_level_name, TXT_DESTROYED); data/d1x-rebirth-0.58.1/main/gameseq.c:806:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg, fmt, arglist); data/d1x-rebirth-0.58.1/main/gauges.c:716:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(score_str, "%s: %5d", TXT_KILLS, Players[Player_num].net_kills_total); data/d1x-rebirth-0.58.1/main/gauges.c:718:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(score_str, "%s: %5d", TXT_SCORE, Players[Player_num].score); data/d1x-rebirth-0.58.1/main/gauges.c:786:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(score_str, "%s", TXT_CHEATER); data/d1x-rebirth-0.58.1/main/gauges.c:862:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(score_str, "%s", TXT_CHEATER); data/d1x-rebirth-0.58.1/main/gauges.c:1134:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(weapon_str, "%s %s %i", TXT_QUAD, TXT_LASER, Players[Player_num].laser_level+1); data/d1x-rebirth-0.58.1/main/gauges.c:1136:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(weapon_str, "%s %i", TXT_LASER, Players[Player_num].laser_level+1); data/d1x-rebirth-0.58.1/main/gauges.c:1140:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(weapon_str, "%s: %i", TXT_W_VULCAN_S, f2i(Players[Player_num].primary_ammo[Primary_weapon] * VULCAN_AMMO_SCALE)); data/d1x-rebirth-0.58.1/main/gauges.c:2236:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, Netgame.team_name[i]); data/d1x-rebirth-0.58.1/main/gauges.c:2240:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name,Players[player_num].callsign); // Note link to above if!! data/d1x-rebirth-0.58.1/main/hud.c:136:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message, sizeof(char)*HUD_MESSAGE_LENGTH, format, args); data/d1x-rebirth-0.58.1/main/hud.c:138:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. 
vsprintf(message, format, args); data/d1x-rebirth-0.58.1/main/inferno.c:424:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Players[Player_num].callsign, GameArg.SysUsePlayersDir? &filename[8] : filename); data/d1x-rebirth-0.58.1/main/menu.c:195:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf( filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%s.plr" : "%s.plr", text ); data/d1x-rebirth-0.58.1/main/menu.c:237:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, GameArg.SysUsePlayersDir ? "Players/" : ""); data/d1x-rebirth-0.58.1/main/menu.c:238:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, items[citem]); data/d1x-rebirth-0.58.1/main/menu.c:247:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(plxfile, GameArg.SysUsePlayersDir? "Players/%.8s.plx" : "%.8s.plx", items[citem]); data/d1x-rebirth-0.58.1/main/menu.c:251:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(efffile, GameArg.SysUsePlayersDir? "Players/%.8s.eff" : "%.8s.eff", items[citem]); data/d1x-rebirth-0.58.1/main/menu.c:255:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(ngpfile, GameArg.SysUsePlayersDir? 
"Players/%.8s.ngp" : "%.8s.ngp", items[citem]); data/d1x-rebirth-0.58.1/main/menu.c:624:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf( filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%s.sg%x" : "%s.sg%x", name, i ); data/d1x-rebirth-0.58.1/main/menu.c:626:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf( filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%s.mg%x" : "%s.mg%x", name, i ); data/d1x-rebirth-0.58.1/main/menu.c:648:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, DEMO_DIR); data/d1x-rebirth-0.58.1/main/menu.c:649:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name,items[citem]); data/d1x-rebirth-0.58.1/main/menu.c:790:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(info_text,"%s %d",TXT_START_ANY_LEVEL, player_highest_level); data/d1x-rebirth-0.58.1/main/menu.c:1386:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newpath, b->view_path); data/d1x-rebirth-0.58.1/main/mission.c:111:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Briefing_text_filename,BIMD1_BRIEFING_FILE); data/d1x-rebirth-0.58.1/main/mission.c:112:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Ending_text_filename,BIMD1_ENDING_FILE_SHARE); data/d1x-rebirth-0.58.1/main/mission.c:131:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Briefing_text_filename,BIMD1_BRIEFING_FILE); data/d1x-rebirth-0.58.1/main/mission.c:132:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Ending_text_filename,BIMD1_ENDING_FILE_SHARE); data/d1x-rebirth-0.58.1/main/mission.c:157:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Briefing_text_filename,BIMD1_BRIEFING_FILE_OEM); data/d1x-rebirth-0.58.1/main/mission.c:158:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Ending_text_filename,BIMD1_ENDING_FILE_OEM); data/d1x-rebirth-0.58.1/main/mission.c:187:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(Briefing_text_filename,BIMD1_BRIEFING_FILE); data/d1x-rebirth-0.58.1/main/mission.c:188:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Ending_text_filename,BIMD1_ENDING_FILE); data/d1x-rebirth-0.58.1/main/mission.c:257:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename2,MISSION_DIR); data/d1x-rebirth-0.58.1/main/mission.c:267:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename2,filename); data/d1x-rebirth-0.58.1/main/mission.c:275:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,filename); data/d1x-rebirth-0.58.1/main/mission.c:337:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mission->mission_name, D1_SHAREWARE_MISSION_NAME); data/d1x-rebirth-0.58.1/main/mission.c:343:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mission->mission_name, D1_OEM_MISSION_NAME); data/d1x-rebirth-0.58.1/main/mission.c:355:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(mission->mission_name, D1_MISSION_NAME); data/d1x-rebirth-0.58.1/main/mission.c:377:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rel_path, *i); data/d1x-rebirth-0.58.1/main/mission.c:412:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, mission_name); data/d1x-rebirth-0.58.1/main/mission.c:437:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hogpath, MISSION_DIR "%s.hog", Current_mission->path); data/d1x-rebirth-0.58.1/main/mission.c:558:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf,MISSION_DIR); data/d1x-rebirth-0.58.1/main/mission.c:566:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, mission->path); data/d1x-rebirth-0.58.1/main/mission.c:664:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Level_names[i],buf); data/d1x-rebirth-0.58.1/main/mission.c:706:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(Secret_level_names[i],buf); data/d1x-rebirth-0.58.1/main/mission.c:764:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GameCfg.LastMission, list[citem]); data/d1x-rebirth-0.58.1/main/multi.c:610:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(killed_name, "%s (%s)", Players[killed_pnum].callsign, Netgame.team_name[get_team(killed_pnum)]); data/d1x-rebirth-0.58.1/main/multi.c:612:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(killed_name, "%s", Players[killed_pnum].callsign); data/d1x-rebirth-0.58.1/main/multi.c:653:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(killer_name, "%s (%s)", Players[killer_pnum].callsign, Netgame.team_name[get_team(killer_pnum)]); data/d1x-rebirth-0.58.1/main/multi.c:655:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(killer_name, "%s", Players[killer_pnum].callsign); data/d1x-rebirth-0.58.1/main/multi.c:1064:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(feedback_result, "%s ", TXT_MESSAGE_SENT_TO); data/d1x-rebirth-0.58.1/main/multi.c:1067:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(feedback_result+strlen(feedback_result), "%s '%s'", TXT_TEAM, Netgame.team_name[atoi(Network_message)-1]); data/d1x-rebirth-0.58.1/main/multi.c:1081:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(feedback_result+strlen(feedback_result), "%s '%s'", TXT_TEAM, Netgame.team_name[i]); data/d1x-rebirth-0.58.1/main/multi.c:1094:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(feedback_result+strlen(feedback_result), "%s", Players[i].callsign); data/d1x-rebirth-0.58.1/main/multi.c:1098:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(feedback_result, TXT_NOBODY); data/d1x-rebirth-0.58.1/main/multi.c:1140:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Network_message, PlayerCfg.NetworkMessageMacro[key]); data/d1x-rebirth-0.58.1/main/multi.c:1181:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (Network_message,"%s has tried to cheat!",Players[Player_num].callsign); data/d1x-rebirth-0.58.1/main/multi.c:1185:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (Network_message,"%s handicap is now %d",Players[Player_num].callsign,StartingShields); data/d1x-rebirth-0.58.1/main/multi.c:1226:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (Network_message,"%s has changed teams!",Players[i].callsign); data/d1x-rebirth-0.58.1/main/multi.c:1332:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( PlayerCfg.NetworkMessageMacro[multi_defining_message-1], Network_message ); data/d1x-rebirth-0.58.1/main/multi.c:1393:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pcolon+1, ptext ); data/d1x-rebirth-0.58.1/main/multi.c:1395:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( Network_message, ptext ); data/d1x-rebirth-0.58.1/main/multi.c:1498:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&mesbuf[2], Players[(int)buf[1]].callsign); data/d1x-rebirth-0.58.1/main/multi.c:1519:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&mesbuf[2], Players[(int)buf[1]].callsign); data/d1x-rebirth-0.58.1/main/multi.c:3204:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Players[new_Player_num].callsign,buf); data/d1x-rebirth-0.58.1/main/multi.c:3633:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? 
"Players/%s.mg%d" : "%s.mg%d", Players[Player_num].callsign, slot); data/d1x-rebirth-0.58.1/main/multi.c:3649:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%s.mg%d" : "%s.mg%d", Players[Player_num].callsign, slot); data/d1x-rebirth-0.58.1/main/net_udp.c:2789:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[N_players-1].text, "%d. %-20s", N_players,Netgame.players[N_players-1].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:2791:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[N_players-1].text, "%d. %s%-20s", N_players, RankStrings[Netgame.players[N_players-1].rank],Netgame.players[N_players-1].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:2812:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[i].text, "%d. %-20s", i+1, Netgame.players[i].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:2814:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[i].text, "%d. %s%-20s", i+1, RankStrings[Netgame.players[i].rank],Netgame.players[i].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:2872:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( srinvul, "%s: %d %s", TXT_REACTOR_LIFE, Netgame.control_invul_time/F1_0/60, TXT_MINUTES_ABBREV ); data/d1x-rebirth-0.58.1/main/net_udp.c:2876:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( PlayText, "Max time: %d %s", Netgame.PlayTimeAllowed*5, TXT_MINUTES_ABBREV ); data/d1x-rebirth-0.58.1/main/net_udp.c:2970:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[opt_cinvul].text, "%s: %d %s", TXT_REACTOR_LIFE, menus[opt_cinvul].value*5, TXT_MINUTES_ABBREV ); data/d1x-rebirth-0.58.1/main/net_udp.c:2981:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menus[opt_playtime].text, "Max Time: %d %s", Netgame.PlayTimeAllowed*5, TXT_MINUTES_ABBREV ); data/d1x-rebirth-0.58.1/main/net_udp.c:3173:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( Netgame.game_name, "%s%s", Players[Player_num].callsign, TXT_S_GAME ); data/d1x-rebirth-0.58.1/main/net_udp.c:3196:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Netgame.mission_name, Current_mission_filename); data/d1x-rebirth-0.58.1/main/net_udp.c:3197:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Netgame.mission_title, Current_mission_longname); data/d1x-rebirth-0.58.1/main/net_udp.c:3209:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(level_text, "%s (1-%d)", TXT_LEVEL_, Last_level); data/d1x-rebirth-0.58.1/main/net_udp.c:3465:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(team_names[0], "%s", TXT_BLUE); data/d1x-rebirth-0.58.1/main/net_udp.c:3466:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(team_names[1], "%s", TXT_RED); data/d1x-rebirth-0.58.1/main/net_udp.c:3508:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Netgame.team_name[0], team_names[0]); data/d1x-rebirth-0.58.1/main/net_udp.c:3509:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Netgame.team_name[1], team_names[1]); data/d1x-rebirth-0.58.1/main/net_udp.c:3536:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( text[i], "%d. %-20s", i+1, "" ); data/d1x-rebirth-0.58.1/main/net_udp.c:3548:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( text[0], "%d. %-20s", 1, Players[Player_num].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:3550:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( text[0], "%d. %s%-20s", 1, RankStrings[Netgame.players[Player_num].rank],Players[Player_num].callsign ); data/d1x-rebirth-0.58.1/main/net_udp.c:3551:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( title, "%s %d %s", TXT_TEAM_SELECT, Netgame.max_numplayers, TXT_TEAM_PRESS_ENTER ); data/d1x-rebirth-0.58.1/main/net_udp.c:3729:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( m[0].text, "%s\n'%s' %s", TXT_NET_WAITING, Netgame.players[i].callsign, TXT_NET_TO_ENTER ); data/d1x-rebirth-0.58.1/main/net_udp.c:4867:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (RefusePlayerName,their->player.callsign); data/d1x-rebirth-0.58.1/main/net_udp.c:5100:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. info+=sprintf(info,"\nConnected to\n\"%s\"\n",netgame->game_name); data/d1x-rebirth-0.58.1/main/net_udp.c:5105:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. info+=sprintf(info,"%s",netgame->mission_title); data/d1x-rebirth-0.58.1/main/net_udp.c:5116:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. info+=sprintf (info,"\n\nDifficulty: %s",MENU_DIFFICULTY_TEXT(netgame->difficulty)); data/d1x-rebirth-0.58.1/main/net_udp.c:5118:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. info+=sprintf (info,"\nGame Mode: %s",gamemode < (sizeof(GMNames) / sizeof(GMNames[0])) ? GMNames[gamemode] : "INVALID"); data/d1x-rebirth-0.58.1/main/newdemo.c:3214:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (newfile, "%s%d", filename, num); data/d1x-rebirth-0.58.1/main/newdemo.c:3237:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(save_file, DEMO_DIR); data/d1x-rebirth-0.58.1/main/newdemo.c:3238:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(save_file, filename); data/d1x-rebirth-0.58.1/main/newdemo.c:3239:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(save_file, DEMO_EXT); data/d1x-rebirth-0.58.1/main/newdemo.c:3241:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (save_file, "%stmp%d.dem", DEMO_DIR, tmpcnt++); data/d1x-rebirth-0.58.1/main/newdemo.c:3262:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fullname, m[1].text); data/d1x-rebirth-0.58.1/main/newdemo.c:3264:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fullname, m[0].text); data/d1x-rebirth-0.58.1/main/newdemo.c:3265:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fullname, DEMO_EXT); data/d1x-rebirth-0.58.1/main/newdemo.c:3298:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename2, filename); data/d1x-rebirth-0.58.1/main/newdemo.c:3321:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename2, *i); data/d1x-rebirth-0.58.1/main/newdemo.c:3399:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(inpath, filename); data/d1x-rebirth-0.58.1/main/newmenu.c:360:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. i = sprintf( item->saved_text, "%s\t%s", item->text, SLIDER_LEFT ); data/d1x-rebirth-0.58.1/main/newmenu.c:362:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. i += sprintf( item->saved_text + i, "%s", SLIDER_MIDDLE ); data/d1x-rebirth-0.58.1/main/newmenu.c:364:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( item->saved_text + i, "%s", SLIDER_RIGHT ); data/d1x-rebirth-0.58.1/main/newmenu.c:731:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(slider_text, menu->items[menu->citem].saved_text); data/d1x-rebirth-0.58.1/main/newmenu.c:771:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(menu->items[old_choice].text, menu->items[old_choice].saved_text ); data/d1x-rebirth-0.58.1/main/newmenu.c:846:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(menu->items[menu->citem].text, menu->items[menu->citem].saved_text ); data/d1x-rebirth-0.58.1/main/newmenu.c:918:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(menu->items[old_choice].text, menu->items[old_choice].saved_text ); data/d1x-rebirth-0.58.1/main/newmenu.c:935:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(menu->items[old_choice].text, menu->items[old_choice].saved_text ); data/d1x-rebirth-0.58.1/main/newmenu.c:1032:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(item->text, item->saved_text ); data/d1x-rebirth-0.58.1/main/newmenu.c:1217:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. index = sprintf( menu->items[i].saved_text, "%s", SLIDER_LEFT ); data/d1x-rebirth-0.58.1/main/newmenu.c:1219:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. index+= sprintf( menu->items[i].saved_text + index, "%s", SLIDER_MIDDLE ); data/d1x-rebirth-0.58.1/main/newmenu.c:1221:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( menu->items[i].saved_text + index, "%s", SLIDER_RIGHT ); data/d1x-rebirth-0.58.1/main/newmenu.c:1266:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(menu->items[i].saved_text, menu->items[i].text ); data/d1x-rebirth-0.58.1/main/newmenu.c:1624:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(nm_text,format,args); data/d1x-rebirth-0.58.1/main/newmenu.c:1651:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. 
  vsprintf(nm_text,format,args);
data/d1x-rebirth-0.58.1/main/newmenu.c:2187:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(nm_text,format,args);
data/d1x-rebirth-0.58.1/main/piggy.c:412:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( temp_name, "%s#%d", temp_name_read, bmh.dflags & 63 );
data/d1x-rebirth-0.58.1/main/piggy.c:414:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( temp_name, temp_name_read );
data/d1x-rebirth-0.58.1/main/piggy.c:915:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( sndh.name, AllSounds[i].name );
data/d1x-rebirth-0.58.1/main/piggy.c:1023:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( subst_name, name );
data/d1x-rebirth-0.58.1/main/piggy.c:1028:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( base_name, subst_name );
data/d1x-rebirth-0.58.1/main/piggy.c:1030:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( subst_name, "%s#%d", base_name, frame+1 );
data/d1x-rebirth-0.58.1/main/piggy.c:1033:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( subst_name, "%s#%d", base_name, frame-1 );
data/d1x-rebirth-0.58.1/main/piggy.c:1039:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( subst_name, name );
data/d1x-rebirth-0.58.1/main/playsave.c:107:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(PlayerCfg.NetworkMessageMacro[0], TXT_DEF_MACRO_1);
data/d1x-rebirth-0.58.1/main/playsave.c:108:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(PlayerCfg.NetworkMessageMacro[1], TXT_DEF_MACRO_2);
data/d1x-rebirth-0.58.1/main/playsave.c:109:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(PlayerCfg.NetworkMessageMacro[2], TXT_DEF_MACRO_3);
data/d1x-rebirth-0.58.1/main/playsave.c:110:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(PlayerCfg.NetworkMessageMacro[3], TXT_DEF_MACRO_4);
data/d1x-rebirth-0.58.1/main/playsave.c:451:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename,PATH_MAX,GameArg.SysUsePlayersDir?"Players/%s.eff":"%s.eff",Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:512:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir?"Players/%s.eff":"%s.eff", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:588:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tempfile,filename);
data/d1x-rebirth-0.58.1/main/playsave.c:700:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%.8s.plr" : "%.8s.plr", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:899:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(PlayerCfg.HighestLevels[i].Shortname, Current_mission_filename);
data/d1x-rebirth-0.58.1/main/playsave.c:958:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%.8s.plx" : "%.8s.plx", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:961:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%.8s.plr" : "%.8s.plr", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:1050:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%.8s.ngp" : "%.8s.ngp", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/playsave.c:1124:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, PATH_MAX, GameArg.SysUsePlayersDir? "Players/%.8s.ngp" : "%.8s.ngp", Players[Player_num].callsign);
data/d1x-rebirth-0.58.1/main/polyobj.c:676:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Pof_names[N_polygon_models],filename);
data/d1x-rebirth-0.58.1/main/scores.c:89:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( scores->cool_saying, "%s", TXT_REGISTER_DESCENT );
data/d1x-rebirth-0.58.1/main/scores.c:170:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( stats->name, Players[Player_num].callsign );
data/d1x-rebirth-0.58.1/main/scores.c:270:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/d1x-rebirth-0.58.1/main/state.c:583:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( filename[i], PATH_MAX, GameArg.SysUsePlayersDir? "Players/%s.%sg%x" : "%s.%sg%x", Players[Player_num].callsign, (Game_mode & GM_MULTI_COOP)?"m":"s", i );
data/d1x-rebirth-0.58.1/main/state.c:613:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( desc[i], TXT_EMPTY );
data/d1x-rebirth-0.58.1/main/state.c:645:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( fname, filename[choice-1] );
data/d1x-rebirth-0.58.1/main/state.c:646:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ( dsc != NULL ) strcpy( dsc, desc[choice-1] );
data/d1x-rebirth-0.58.1/main/state.c:680:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( filename, PATH_MAX, (GameArg.SysUsePlayersDir?"Players/%s.sg%d":"%s.sg%d"), sg_player->callsign, slotnum );
data/d1x-rebirth-0.58.1/main/state.c:1205:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( org_callsign, Players[0].callsign );
data/d1x-rebirth-0.58.1/main/state.c:1211:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( org_callsign, Players[Player_num].callsign );
data/d1x-rebirth-0.58.1/main/state.c:1226:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( Players[Player_num].callsign, org_callsign );
data/d1x-rebirth-0.58.1/main/text.c:283:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf,p+2);
data/d1x-rebirth-0.58.1/main/text.c:284:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p+1,buf);
data/d1x-rebirth-0.58.1/main/text.c:306:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, Text_string[i]);
data/d1x-rebirth-0.58.1/main/text.c:307:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, extra);
data/d1x-rebirth-0.58.1/main/titles.c:146:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new_filename,filename);
data/d1x-rebirth-0.58.1/misc/error.c:71:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(exit_message+strlen(exit_message),fmt,arglist);
data/d1x-rebirth-0.58.1/misc/error.c:92:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(warn_message+strlen(warn_message),fmt,arglist);
data/d1x-rebirth-0.58.1/misc/ignorecase.c:75:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr, *i); /* found a match. Overwrite with this case. */
data/d1x-rebirth-0.58.1/misc/physfsx.c:44:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(base_dir, PHYSFS_getBaseDir());
data/d1x-rebirth-0.58.1/misc/physfsx.c:73:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullPath, home); // prepend home to the path
data/d1x-rebirth-0.58.1/misc/physfsx.c:89:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ancestor, fullPath);
data/d1x-rebirth-0.58.1/misc/physfsx.c:103:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(child, fullPath + strlen(ancestor));
data/d1x-rebirth-0.58.1/misc/strutil.c:32:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  void snprintf(char *out_string, int size, char * format, ... )
data/d1x-rebirth-0.58.1/misc/strutil.c:38:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf,format,args);
data/d1x-rebirth-0.58.1/misc/strutil.c:54:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, str);
data/d1x-rebirth-0.58.1/misc/strutil.c:134:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, str);
data/d1x-rebirth-0.58.1/misc/strutil.c:150:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out, filename);
data/d1x-rebirth-0.58.1/misc/strutil.c:159:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dest, src);
data/d1x-rebirth-0.58.1/misc/strutil.c:173:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p+1,ext);
data/d1x-rebirth-0.58.1/misc/strutil.c:185:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(drive, p);
data/d1x-rebirth-0.58.1/misc/strutil.c:201:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, p);
data/d1x-rebirth-0.58.1/misc/strutil.c:214:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(base, p);
data/d1x-rebirth-0.58.1/misc/strutil.c:224:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ext, p);
data/d1x-rebirth-0.58.1/misc/strutil.c:281:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(next_str, str);
data/d1x-rebirth-0.58.1/ui/button.c:113:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( button->text, text );
data/d1x-rebirth-0.58.1/ui/checkbox.c:72:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(checkbox->text,text);
data/d1x-rebirth-0.58.1/ui/dialog.c:568:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/d1x-rebirth-0.58.1/ui/dialog.c:581:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/d1x-rebirth-0.58.1/ui/file.c:46:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, dir);
data/d1x-rebirth-0.58.1/ui/file.c:58:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(test_filename, *i);
data/d1x-rebirth-0.58.1/ui/file.c:175:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(b->user_file->text, b->directory_list[b->listbox2->current_item]);
data/d1x-rebirth-0.58.1/ui/file.c:226:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(b->view_dir, b->filename);
data/d1x-rebirth-0.58.1/ui/file.c:280:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(b->view_dir, filename);
data/d1x-rebirth-0.58.1/ui/file.c:281:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(InputText, p);
data/d1x-rebirth-0.58.1/ui/file.c:286:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(InputText, filename);
data/d1x-rebirth-0.58.1/ui/file.c:365:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, list[x - 1]);
data/d1x-rebirth-0.58.1/ui/icon.c:114:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( icon->text, text );
data/d1x-rebirth-0.58.1/ui/keypad.c:345:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[0], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:347:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[1], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:349:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[2], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:351:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[3], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:355:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[0], "%s%s\n", KeyPad[n]->buttontext[0],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:357:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[1], "%s%s\n", KeyPad[n]->buttontext[1],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:359:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[2], "%s%s\n", KeyPad[n]->buttontext[2],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:361:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[3], "%s%s\n", KeyPad[n]->buttontext[3],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:365:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[0], "%s%s", KeyPad[n]->buttontext[0],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:367:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[1], "%s%s", KeyPad[n]->buttontext[1],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:369:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[2], "%s%s", KeyPad[n]->buttontext[2],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:371:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[3], "%s%s", KeyPad[n]->buttontext[3],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:376:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[4], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:378:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[5], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:380:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[6], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:382:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:386:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[4], "%s%s\n", KeyPad[n]->buttontext[4],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:388:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[5], "%s%s\n", KeyPad[n]->buttontext[5],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:390:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[6], "%s%s\n", KeyPad[n]->buttontext[6],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:392:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s\n", KeyPad[n]->buttontext[7],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:396:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[4], "%s%s", KeyPad[n]->buttontext[4],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:398:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[5], "%s%s", KeyPad[n]->buttontext[5],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:400:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[6], "%s%s", KeyPad[n]->buttontext[6],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:402:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s\n", KeyPad[n]->buttontext[7],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:408:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s\n", KeyPad[n]->buttontext[7],ptr );
data/d1x-rebirth-0.58.1/ui/keypad.c:413:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[8], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:415:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[9], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:417:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[10], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:419:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s\n", KeyPad[n]->buttontext[7],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:423:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[8], "%s%s\n", KeyPad[n]->buttontext[8],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:425:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[9], "%s%s\n", KeyPad[n]->buttontext[9],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:427:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[10], "%s%s\n", KeyPad[n]->buttontext[10],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:429:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s\n", KeyPad[n]->buttontext[7],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:433:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[8], "%s%s", KeyPad[n]->buttontext[8],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:435:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[9], "%s%s", KeyPad[n]->buttontext[9],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:437:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[10], "%s%s", KeyPad[n]->buttontext[10],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:439:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[7], "%s%s", KeyPad[n]->buttontext[7],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:444:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[11], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:446:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[12], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:448:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[13], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:450:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:454:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[11], "%s%s\n", KeyPad[n]->buttontext[11],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:456:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[12], "%s%s\n", KeyPad[n]->buttontext[12],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:458:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[13], "%s%s\n", KeyPad[n]->buttontext[13],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:460:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s%s\n", KeyPad[n]->buttontext[14],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:464:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[11], "%s%s", KeyPad[n]->buttontext[11],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:466:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[12], "%s%s", KeyPad[n]->buttontext[12],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:468:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[13], "%s%s", KeyPad[n]->buttontext[13],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:470:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s%s\n", KeyPad[n]->buttontext[14],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:476:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s%s\n", KeyPad[n]->buttontext[14], ptr );
data/d1x-rebirth-0.58.1/ui/keypad.c:481:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[15], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:483:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[16], "%s\n", text );
data/d1x-rebirth-0.58.1/ui/keypad.c:485:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s%s\n", KeyPad[n]->buttontext[14],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:489:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[15], "%s%s\n", KeyPad[n]->buttontext[15],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:491:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[16], "%s%s\n", KeyPad[n]->buttontext[16],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:493:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[14], "%s%s\n", KeyPad[n]->buttontext[14],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:497:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[15], "%s%s", KeyPad[n]->buttontext[15],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:499:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( KeyPad[n]->buttontext[16], "%s%s", KeyPad[n]->buttontext[16],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:501:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( KeyPad[n]->buttontext[14], "%s%s", KeyPad[n]->buttontext[14],text );
data/d1x-rebirth-0.58.1/ui/keypad.c:512:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
sscanf(line_buffer, " %s %s ", text, buffer);
data/d1x-rebirth-0.58.1/ui/keypress.c:73:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( text, "%s%s%s%s", Ctrl, Alt, Shift, KeyDesc[keypress & 255 ] );
data/d1x-rebirth-0.58.1/ui/menubar.c:800:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( buf2, " %s ", buf1 );
data/d1x-rebirth-0.58.1/editor/med.c:693:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ok = spawnl(P_WAIT,getenv("COMSPEC"), NULL );
data/d1x-rebirth-0.58.1/include/loadgl.h:1160:11: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
handle = LoadLibrary(name);
data/d1x-rebirth-0.58.1/include/physfsx.h:333:71: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
extern char **PHYSFSX_findabsoluteFiles(const char *path, const char *realpath, const char *const *exts);
data/d1x-rebirth-0.58.1/main/gameseq.c:107:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
void StartLevel(int random);
data/d1x-rebirth-0.58.1/main/gameseq.c:1213:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
void InitPlayerPosition(int random)
data/d1x-rebirth-0.58.1/main/gameseq.c:1294:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
void StartLevel(int random)
data/d1x-rebirth-0.58.1/main/gameseq.c:1298:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
InitPlayerPosition(random);
data/d1x-rebirth-0.58.1/maths/rand.c:10:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand(seed);
data/d1x-rebirth-0.58.1/misc/physfsx.c:354:64: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
char **PHYSFSX_findabsoluteFiles(const char *path, const char *realpath, const char *const *exts)
data/d1x-rebirth-0.58.1/misc/physfsx.c:370:51: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
if (ext && *k && (!strcmp(PHYSFS_getRealDir(*i),realpath)))
data/d1x-rebirth-0.58.1/2d/bitblt.c:43:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest,source,nbytes);
data/d1x-rebirth-0.58.1/2d/bitblt.c:631:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char buf[1024*1024];
data/d1x-rebirth-0.58.1/2d/bitblt.c:667:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&buf, bm->bm_data, sizeof(unsigned char)*(bm->bm_w*bm->bm_h));
data/d1x-rebirth-0.58.1/2d/font.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[FILENAME_LEN];
data/d1x-rebirth-0.58.1/2d/font.c:899:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[1000];
data/d1x-rebirth-0.58.1/2d/font.c:909:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[1000];
data/d1x-rebirth-0.58.1/2d/font.c:972:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char file_id[4];
data/d1x-rebirth-0.58.1/2d/pcx.c:115:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( &header, p, sizeof(PCXHeader) );
data/d1x-rebirth-0.58.1/2d/rle.c:312:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( rle_data, &doffset, 4 );
data/d1x-rebirth-0.58.1/2d/rle.c:313:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( bmp->bm_data, rle_data, doffset );
data/d1x-rebirth-0.58.1/2d/rle.c:626:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(bmp->bm_data, temp, len);
data/d1x-rebirth-0.58.1/2d/rle.c:677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(bmp->bm_data, temp, len);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:78:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
if (((unsigned char *) theKeyMap)[6] & 0x80) {
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:145:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen(STDOUT_FILE, "rb");
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:153:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen(STDERR_FILE, "rb");
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (name, process_fsp.name, process_fsp.name[0] + 1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:207:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs_name + 1, app_name + 1, app_name[0]);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs_name + app_name[0] + 1, SUFFIX, strlen (SUFFIX));
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:217:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs_fsp->name, prefs_name, prefs_name[0] + 1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:242:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs->command_line, *prefs_handle, (*prefs_handle)[0]+1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:246:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs->video_driver_name, *prefs_handle + offset, (*prefs_handle)[offset] + 1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:279:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (*prefs_handle, prefs->command_line, prefs->command_line[0] + 1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:283:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (*prefs_handle + offset, prefs->video_driver_name, prefs->video_driver_name[0] + 1);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:500:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs.video_driver_name, "\pDSp", 4);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:504:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (prefs.video_driver_name, "\ptoolbox", 8);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:536:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (commandLine, appNameText + 1, appNameText[0]);
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:538:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (commandLine + appNameText[0] + 1, prefs.command_line + 1, prefs.command_line[0]);
data/d1x-rebirth-0.58.1/arch/include/key.h:42:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern unsigned char unicode_frame_buffer[KEY_BUFFER_SIZE];
data/d1x-rebirth-0.58.1/arch/ogl/gr.c:723:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sdl_driver[32];
data/d1x-rebirth-0.58.1/arch/ogl/gr.c:1019:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char TGAheader[12];
data/d1x-rebirth-0.58.1/arch/ogl/gr.c:1020:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char header[6];
data/d1x-rebirth-0.58.1/arch/ogl/gr.c:1083:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char savename[13+sizeof(SCRNS_DIR)];
data/d1x-rebirth-0.58.1/arch/ogl/ogl.c:1578:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (bufP, data, w);
data/d1x-rebirth-0.58.1/arch/ogl/ogl.c:1640:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char decodebuf[1024*1024];
data/d1x-rebirth-0.58.1/arch/ogl/ogl.c:1657:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[64];
data/d1x-rebirth-0.58.1/arch/sdl/digi_mixer.c:126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cvt.buf, data, dlen);
data/d1x-rebirth-0.58.1/arch/sdl/digi_mixer_music.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char full_path[PATH_MAX];
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[10];
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:190:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d A%d", i + 1, j + 1);
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:196:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d B%d", i + 1, j + 1);
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:204:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d H%d%c", i + 1, j + 1, 0202);
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:206:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d H%d%c", i + 1, j + 1, 0177);
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:208:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d H%d%c", i + 1, j + 1, 0200);
data/d1x-rebirth-0.58.1/arch/sdl/joy.c:210:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "J%d H%d%c", i + 1, j + 1, 0201);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hud_msg_buf[MUSIC_HUDMSG_MAXLEN+4];
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:76:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen(abspath, "rb");
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:264:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(hud_msg_buf, "...");
data/d1x-rebirth-0.58.1/arch/sdl/key.c:27:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
volatile unsigned char keyd_pressed[256];
data/d1x-rebirth-0.58.1/arch/sdl/key.c:29:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char unicode_frame_buffer[KEY_BUFFER_SIZE] = { '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0' };
data/d1x-rebirth-0.58.1/arch/sdl/key.c:329:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char unibuffer[KEY_BUFFER_SIZE] = { '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0' };
data/d1x-rebirth-0.58.1/arch/sdl/key.c:347:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char unibuffer_shift[KEY_BUFFER_SIZE];
data/d1x-rebirth-0.58.1/arch/sdl/key.c:349:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(unibuffer_shift,unibuffer+1,sizeof(unsigned char)*(KEY_BUFFER_SIZE-1));
data/d1x-rebirth-0.58.1/arch/sdl/key.c:350:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(unibuffer,unibuffer_shift,sizeof(unsigned char)*KEY_BUFFER_SIZE);
data/d1x-rebirth-0.58.1/editor/autosave.c:48:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char undo_status[10][100];
data/d1x-rebirth-0.58.1/editor/autosave.c:73:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
if ( !strcmp(delname, "*.MIN") ) strcpy(delname, "TEMP.MIN");
data/d1x-rebirth-0.58.1/editor/autosave.c:76:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ext, ".M%d", i );
data/d1x-rebirth-0.58.1/editor/autosave.c:96:40: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
if ( !strcmp(savename, "*.MIN") ) strcpy(savename, "TEMP.MIN");
data/d1x-rebirth-0.58.1/editor/autosave.c:99:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ext, ".M%d", Autosave_count );
data/d1x-rebirth-0.58.1/editor/autosave.c:117:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
void print_clock( int seconds, char message[10] ) {
data/d1x-rebirth-0.58.1/editor/autosave.c:135:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char the_time[14]; // changed from 10, I don't think that was long enough
data/d1x-rebirth-0.58.1/editor/centers.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char center_names[MAX_CENTER_TYPES][CENTER_STRING_LENGTH] = {
data/d1x-rebirth-0.58.1/editor/group.c:1037:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char current_tmap_list[MAX_TEXTURES][13];
data/d1x-rebirth-0.58.1/editor/group.c:1049:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ErrorMessage[100];
data/d1x-rebirth-0.58.1/editor/group.c:1178:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char old_tmap_list[MAX_TEXTURES][13];
data/d1x-rebirth-0.58.1/editor/group.c:1187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ErrorMessage[200];
data/d1x-rebirth-0.58.1/editor/group.c:1419:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char group_filename[PATH_MAX] = "*.GRP";
data/d1x-rebirth-0.58.1/editor/group.c:1458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ErrorMessage[200];
data/d1x-rebirth-0.58.1/editor/group.c:1463:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ErrorMessage, "ERROR: No current group." );
data/d1x-rebirth-0.58.1/editor/group.c:1904:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(undo_status[Autosave_count], "Delete Group UNDONE.");
data/d1x-rebirth-0.58.1/editor/group.c:1927:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(undo_status[Autosave_count], "Mark Group Segment UNDONE.");
data/d1x-rebirth-0.58.1/editor/info.c:78:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_NONE: strcpy(name, "OBJ_NONE "); break;
data/d1x-rebirth-0.58.1/editor/info.c:79:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_WALL: strcpy(name, "OBJ_WALL "); break;
data/d1x-rebirth-0.58.1/editor/info.c:80:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_FIREBALL: strcpy(name, "OBJ_FIREBALL"); break;
data/d1x-rebirth-0.58.1/editor/info.c:81:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_ROBOT: strcpy(name, "OBJ_ROBOT "); break;
data/d1x-rebirth-0.58.1/editor/info.c:82:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_HOSTAGE: strcpy(name, "OBJ_HOSTAGE "); break;
data/d1x-rebirth-0.58.1/editor/info.c:83:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_PLAYER: strcpy(name, "OBJ_PLAYER "); break;
data/d1x-rebirth-0.58.1/editor/info.c:84:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
case OBJ_WEAPON: strcpy(name, "OBJ_WEAPON "); break;
data/d1x-rebirth-0.58.1/editor/info.c:85:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_CAMERA: strcpy(name, "OBJ_CAMERA "); break;
data/d1x-rebirth-0.58.1/editor/info.c:86:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case OBJ_POWERUP: strcpy(name, "OBJ_POWERUP "); break;
data/d1x-rebirth-0.58.1/editor/info.c:87:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
default: strcpy(name, " (unknown) "); break;
data/d1x-rebirth-0.58.1/editor/info.c:96:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_NONE: strcpy(name, "CT_NONE "); break;
data/d1x-rebirth-0.58.1/editor/info.c:97:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_AI: strcpy(name, "CT_AI "); break;
data/d1x-rebirth-0.58.1/editor/info.c:98:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_EXPLOSION: strcpy(name, "CT_EXPLOSION "); break;
data/d1x-rebirth-0.58.1/editor/info.c:100:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_FLYING: strcpy(name, "CT_FLYING "); break;
data/d1x-rebirth-0.58.1/editor/info.c:101:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_SLEW: strcpy(name, "CT_SLEW "); break;
data/d1x-rebirth-0.58.1/editor/info.c:102:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_FLYTHROUGH: strcpy(name, "CT_FLYTHROUGH "); break;
data/d1x-rebirth-0.58.1/editor/info.c:105:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case CT_WEAPON: strcpy(name, "CT_WEAPON "); break;
data/d1x-rebirth-0.58.1/editor/info.c:106:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
default: strcpy(name, " (unknown) "); break;
data/d1x-rebirth-0.58.1/editor/info.c:114:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case MT_NONE: strcpy(name, "MT_NONE "); break;
data/d1x-rebirth-0.58.1/editor/info.c:115:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case MT_PHYSICS: strcpy(name, "MT_PHYSICS "); break;
data/d1x-rebirth-0.58.1/editor/info.c:117:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
default: strcpy(name, " (unknown) "); break;
data/d1x-rebirth-0.58.1/editor/info.c:131:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case AIB_STILL: strcpy(name, "STILL "); break;
data/d1x-rebirth-0.58.1/editor/info.c:132:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case AIB_NORMAL: strcpy(name, "NORMAL "); break;
data/d1x-rebirth-0.58.1/editor/info.c:133:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string. case AIB_HIDE: strcpy(name, "HIDE "); break; data/d1x-rebirth-0.58.1/editor/info.c:134:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case AIB_RUN_FROM: strcpy(name, "RUN_FROM "); break; data/d1x-rebirth-0.58.1/editor/info.c:135:26: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case AIB_FOLLOW_PATH: strcpy(name, "FOLLOW_PATH "); break; data/d1x-rebirth-0.58.1/editor/info.c:136:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. default: strcpy(name, " (unknown) "); break; data/d1x-rebirth-0.58.1/editor/info.c:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[30]; data/d1x-rebirth-0.58.1/editor/info.c:186:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[30]; data/d1x-rebirth-0.58.1/editor/info.c:194:28: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case SEGSIZEMODE_FREE: strcpy(name, "free "); break; data/d1x-rebirth-0.58.1/editor/info.c:195:27: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case SEGSIZEMODE_ALL: strcpy(name, "all "); break; data/d1x-rebirth-0.58.1/editor/info.c:196:30: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case SEGSIZEMODE_CURSIDE: strcpy(name, "curside"); break; data/d1x-rebirth-0.58.1/editor/info.c:197:28: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case SEGSIZEMODE_EDGE: strcpy(name, "edge "); break; data/d1x-rebirth-0.58.1/editor/info.c:198:29: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case SEGSIZEMODE_VERTEX: strcpy(name, "vertex "); break; data/d1x-rebirth-0.58.1/editor/kbuild.c:35:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(undo_status[Autosave_count], "Bridge segment UNDONE."); data/d1x-rebirth-0.58.1/editor/kbuild.c:54:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Joint undone."); data/d1x-rebirth-0.58.1/editor/kbuild.c:76:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Joint segment undone."); data/d1x-rebirth-0.58.1/editor/kbuild.c:102:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Sloppy Joint segment undone."); data/d1x-rebirth-0.58.1/editor/kbuild.c:145:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Sloppy Joint segment undone."); data/d1x-rebirth-0.58.1/editor/kbuild.c:170:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Adjacent Joint segment UNDONE."); data/d1x-rebirth-0.58.1/editor/kbuild.c:196:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "All Adjacent Joint segments UNDONE."); data/d1x-rebirth-0.58.1/editor/kcurve.c:47:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Curve Generation UNDONE.\n"); data/d1x-rebirth-0.58.1/editor/kgame.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char game_filename[PATH_MAX] = "*.RDL"; data/d1x-rebirth-0.58.1/editor/kgame.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Message[200]; data/d1x-rebirth-0.58.1/editor/kgame.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Game State has not been restored...\nContinue?\n"); data/d1x-rebirth-0.58.1/editor/kgame.c:165:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(game_filename,"*.LVL"); data/d1x-rebirth-0.58.1/editor/kmine.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mine_filename[PATH_MAX] = "*.MIN"; data/d1x-rebirth-0.58.1/editor/kmine.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sit_filename[PATH_MAX] = "*.SIT"; data/d1x-rebirth-0.58.1/editor/kmine.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/editor/kmine.c:95:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( ErrorMessage, "Save Mine not available in demo version.\n"); data/d1x-rebirth-0.58.1/editor/kmine.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mine_name[MAX_NAME_LENGTH]; data/d1x-rebirth-0.58.1/editor/kmine.c:192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/editor/ksegsel.c:145:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Mark Segment UNDONE."); data/d1x-rebirth-0.58.1/editor/ksegsize.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modified_segments[MAX_SEGMENTS]; data/d1x-rebirth-0.58.1/editor/ktmap.c:30:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Assign Texture UNDONE."); data/d1x-rebirth-0.58.1/editor/ktmap.c:49:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Assign Texture 2 UNDONE."); data/d1x-rebirth-0.58.1/editor/ktmap.c:73:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(undo_status[Autosave_count], "Clear Texture 2 UNDONE."); data/d1x-rebirth-0.58.1/editor/ktmap.c:92:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Propogate Textures UNDONE."); data/d1x-rebirth-0.58.1/editor/ktmap.c:172:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Propogate Textures Selected UNDONE."); data/d1x-rebirth-0.58.1/editor/med.c:142:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void print_status_bar( char message[DIAGNOSTIC_MESSAGE_MAX] ) { data/d1x-rebirth-0.58.1/editor/med.c:155:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void print_diagnostic( char message[DIAGNOSTIC_MESSAGE_MAX] ) { data/d1x-rebirth-0.58.1/editor/med.c:168:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char status_line[DIAGNOSTIC_MESSAGE_MAX] = ""; data/d1x-rebirth-0.58.1/editor/med.c:216:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sub_status_line[DIAGNOSTIC_MESSAGE_MAX]; data/d1x-rebirth-0.58.1/editor/med.c:327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keypress[100]; data/d1x-rebirth-0.58.1/editor/med.c:328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_buffer[200]; data/d1x-rebirth-0.58.1/editor/med.c:1026:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Message[DIAGNOSTIC_MESSAGE_MAX]; data/d1x-rebirth-0.58.1/editor/med.c:1030:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Do you wish to restore game state?\n"); data/d1x-rebirth-0.58.1/editor/med.c:1232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kdesc[100]; data/d1x-rebirth-0.58.1/editor/med.c:1466:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mystr[30]; data/d1x-rebirth-0.58.1/editor/med.c:1467:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mystr,"mark %i start",Mark_count); data/d1x-rebirth-0.58.1/editor/med.c:1475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mystr[30]; data/d1x-rebirth-0.58.1/editor/med.c:1476:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mystr,"mark %i end",Mark_count); data/d1x-rebirth-0.58.1/editor/medmisc.c:133:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Delete Segment UNDONE."); data/d1x-rebirth-0.58.1/editor/medmisc.c:373:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(undo_status[Autosave_count], "Attach Segment UNDONE.\n"); data/d1x-rebirth-0.58.1/editor/medmisc.c:407:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(undo_status[Autosave_count], "Delete segment UNDONE."); data/d1x-rebirth-0.58.1/editor/medrobot.c:672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_text[STRING_LENGTH+1]; data/d1x-rebirth-0.58.1/editor/medrobot.c:715:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_text[12]; data/d1x-rebirth-0.58.1/editor/medrobot.c:787:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Xmessage[MATT_LEN], Ymessage[MATT_LEN], Zmessage[MATT_LEN]; data/d1x-rebirth-0.58.1/editor/medrobot.c:816:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(Xmessage,"%.2f",f2fl(obj->mtype.spin_rate.x)); data/d1x-rebirth-0.58.1/editor/medrobot.c:817:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(Ymessage,"%.2f",f2fl(obj->mtype.spin_rate.y)); data/d1x-rebirth-0.58.1/editor/medrobot.c:818:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(Zmessage,"%.2f",f2fl(obj->mtype.spin_rate.z)); data/d1x-rebirth-0.58.1/editor/medwall.c:1029:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Message[DIAGNOSTIC_MESSAGE_MAX]; data/d1x-rebirth-0.58.1/editor/medwall.c:1057:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Num_walls is bogus\nDo you wish to correct it?\n"); data/d1x-rebirth-0.58.1/editor/medwall.c:1068:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Unmatched wall detected\nDo you wish to correct it?\n"); data/d1x-rebirth-0.58.1/editor/medwall.c:1082:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Num_triggers is bogus\nDo you wish to correct it?\n"); data/d1x-rebirth-0.58.1/editor/medwall.c:1096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char Message[DIAGNOSTIC_MESSAGE_MAX]; data/d1x-rebirth-0.58.1/editor/medwall.c:1099:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Are you sure that walls are hosed so\n badly that you want them ALL GONE!?\n"); data/d1x-rebirth-0.58.1/editor/medwall.c:1115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Message[DIAGNOSTIC_MESSAGE_MAX]; data/d1x-rebirth-0.58.1/editor/medwall.c:1118:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( Message, "Are you sure that triggers are hosed so\n badly that you want them ALL GONE!?\n"); data/d1x-rebirth-0.58.1/editor/mine.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char current_tmap_list[MAX_TEXTURES][13]; data/d1x-rebirth-0.58.1/editor/mine.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[256]; data/d1x-rebirth-0.58.1/editor/mine.c:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[20]; data/d1x-rebirth-0.58.1/editor/mine.c:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[128]; data/d1x-rebirth-0.58.1/editor/mine.c:300:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "Error: Too many segments (%i > %i) for game (not editor)", Highest_segment_index+1, MAX_SEGMENTS); data/d1x-rebirth-0.58.1/editor/mine.c:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[128]; data/d1x-rebirth-0.58.1/editor/mine.c:306:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(message, "Error: Too many vertices (%i > %i) for game (not editor)", Highest_vertex_index+1, MAX_VERTICES); data/d1x-rebirth-0.58.1/editor/segment.c:1753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1]; data/d1x-rebirth-0.58.1/editor/segment.c:1759:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( temp, "%d", N_warning_segs ); data/d1x-rebirth-0.58.1/editor/segment.c:1767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1]; data/d1x-rebirth-0.58.1/editor/segment.c:1777:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp, "%d", N_warning_segs ); data/d1x-rebirth-0.58.1/editor/texpage.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmap_filename[13]; data/d1x-rebirth-0.58.1/editor/texpage.c:56:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void texpage_print_name( char name[13] ) data/d1x-rebirth-0.58.1/iff/iff.c:556:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (palette) memcpy(palette,&bmheader.palette,sizeof(bmheader.palette)); data/d1x-rebirth-0.58.1/iff/iff.c:900:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
if (palette) memcpy(&bmheader.palette,palette,256*3); data/d1x-rebirth-0.58.1/include/byteswap.h:62:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&tmp, s, 8); data/d1x-rebirth-0.58.1/include/byteswap.h:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&tmp, s, 4); data/d1x-rebirth-0.58.1/include/byteswap.h:74:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&tmp, s, 2); data/d1x-rebirth-0.58.1/include/byteswap.h:78:35: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(d), (void *)&tmp, 8); } data/d1x-rebirth-0.58.1/include/byteswap.h:80:35: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(d), (void *)&tmp, 4); } data/d1x-rebirth-0.58.1/include/byteswap.h:82:35: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(d), (void *)&tmp, 2); } data/d1x-rebirth-0.58.1/include/console.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[CON_LINE_LENGTH]; data/d1x-rebirth-0.58.1/include/editor/centers.h:27:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char Center_names[MAX_CENTER_TYPES][CENTER_STRING_LENGTH]; data/d1x-rebirth-0.58.1/include/editor/editor.h:503:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern void print_status_icon( char icon[1], int position ); data/d1x-rebirth-0.58.1/include/editor/editor.h:504:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern void clear_status_icon( char icon[1], int position ); data/d1x-rebirth-0.58.1/include/editor/editor.h:573:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char mine_filename[PATH_MAX]; data/d1x-rebirth-0.58.1/include/editor/editor.h:574:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char undo_status[10][100]; data/d1x-rebirth-0.58.1/include/gr.h:341:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern unsigned char Test_bitmap_data[64*64]; data/d1x-rebirth-0.58.1/include/hmp.h:40:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[3]; data/d1x-rebirth-0.58.1/include/physfsx.h:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/d1x-rebirth-0.58.1/include/ui.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char description[100]; data/d1x-rebirth-0.58.1/include/ui.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * buttontext[17]; data/d1x-rebirth-0.58.1/include/ui.h:63:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rsvd[256]; data/d1x-rebirth-0.58.1/main/ai.c:191:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mode_text[8][9] = {
data/d1x-rebirth-0.58.1/main/ai.c:203:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char behavior_text[6][9] = {
data/d1x-rebirth-0.58.1/main/ai.c:213:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char state_text[8][5] = {
data/d1x-rebirth-0.58.1/main/ai.c:2991:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Ai_error_message[128] = "";
data/d1x-rebirth-0.58.1/main/ai.c:3007:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
Ai_dump_file = fopen("ai.out","a+t");
data/d1x-rebirth-0.58.1/main/automap.c:238:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name_level[128];
data/d1x-rebirth-0.58.1/main/bm.c:265:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buf, bm->bm_data, sizeof(unsigned char)*(bm->bm_w*bm->bm_h));
data/d1x-rebirth-0.58.1/main/bm.h:33:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[13];
data/d1x-rebirth-0.58.1/main/bmread.c:100:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Powerup_names[MAX_POWERUP_TYPES][POWERUP_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/bmread.c:101:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Robot_names[MAX_ROBOT_TYPES][ROBOT_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/bmread.c:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[20];
data/d1x-rebirth-0.58.1/main/bmread.c:222:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[20];
data/d1x-rebirth-0.58.1/main/bmread.c:223:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tempname[20];
data/d1x-rebirth-0.58.1/main/bmread.c:273:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[20];
data/d1x-rebirth-0.58.1/main/bmread.c:274:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rawname[100];
data/d1x-rebirth-0.58.1/main/bmread.c:327:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
return atoi( xarg );
data/d1x-rebirth-0.58.1/main/bmread.c:353:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char inputline[LINEBUF_SIZE];
data/d1x-rebirth-0.58.1/main/bmread.c:439:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
SuperX = atoi( &temp_ptr[7] );
data/d1x-rebirth-0.58.1/main/bmread.c:680:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char short_name[13];
data/d1x-rebirth-0.58.1/main/bmread.c:869:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
bytep[i] = atoi(curtext);
data/d1x-rebirth-0.58.1/main/bmread.c:937:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
robotnum = atoi(robotnum_text);
data/d1x-rebirth-0.58.1/main/bmread.c:982:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
eclip_num = atoi(name+1);
data/d1x-rebirth-0.58.1/main/bmread.c:1006:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *model_name[MAX_MODEL_VARIANTS];
data/d1x-rebirth-0.58.1/main/bmread.c:1020:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[ROBOT_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/bmread.c:1054:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
exp1_vclip_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1056:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
exp2_vclip_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1058:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
exp1_sound_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1060:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
exp2_sound_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1067:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
weapon_type = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1069:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
strength = i2f(atoi(equal_ptr));
data/d1x-rebirth-0.58.1/main/bmread.c:1075:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
contains_id = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1077:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
contains_type = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1079:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
contains_count = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1081:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
contains_prob = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1083:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
cloak_type = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1085:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
attack_type = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1087:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
boss_flag = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1089:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
score_value = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1091:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
see_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1093:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
attack_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1095:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
claw_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1255:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *model_name[MAX_MODEL_VARIANTS];
data/d1x-rebirth-0.58.1/main/bmread.c:1313:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Player_ship->expl_vclip_num=atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1448:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *model_name[MAX_MODEL_VARIANTS];
data/d1x-rebirth-0.58.1/main/bmread.c:1534:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].weapon_vclip = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1555:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].strength[i] = i2f(atoi(equal_ptr));
data/d1x-rebirth-0.58.1/main/bmread.c:1558:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].strength[i] = i2f(atoi(equal_ptr));
data/d1x-rebirth-0.58.1/main/bmread.c:1566:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].matter = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1568:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].bounce = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1571:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].speed[i] = i2f(atoi(equal_ptr));
data/d1x-rebirth-0.58.1/main/bmread.c:1574:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].speed[i] = i2f(atoi(equal_ptr));
data/d1x-rebirth-0.58.1/main/bmread.c:1576:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].flash_vclip = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1578:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].flash_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1584:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].robot_hit_vclip = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1586:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].robot_hit_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1588:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].wall_hit_vclip = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1590:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].wall_hit_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1594:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
lighted = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1600:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].persistent = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1604:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].ammo_usage = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1608:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].fire_count = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1616:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].destroyable = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1620:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Weapon_info[n].homing_flag = !!atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1699:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Powerup_info[n].vclip_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1703:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Powerup_info[n].hit_sound = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1741:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Hostage_vclip_num[n] = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/bmread.c:1774:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
clip_num = atoi(equal_ptr);
data/d1x-rebirth-0.58.1/main/config.h:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char CMLevelMusicPath[PATH_MAX+1];
data/d1x-rebirth-0.58.1/main/config.h:37:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char CMMiscMusic[5][PATH_MAX+1];
data/d1x-rebirth-0.58.1/main/config.h:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char LastPlayer[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/config.h:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char LastMission[MISSION_NAME_LEN+1];
data/d1x-rebirth-0.58.1/main/console.c:36:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&con_buffer[i-1].line,&con_buffer[i].line,CON_LINE_LENGTH);
data/d1x-rebirth-0.58.1/main/console.c:41:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&con_buffer[CON_LINES_MAX-1].line,buffer,CON_LINE_LENGTH);
data/d1x-rebirth-0.58.1/main/console.c:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[CON_LINE_LENGTH];
data/d1x-rebirth-0.58.1/main/credits.c:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[NUM_LINES][80];
data/d1x-rebirth-0.58.1/main/credits.c:185:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[32];
data/d1x-rebirth-0.58.1/main/credits.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nfile[32];
data/d1x-rebirth-0.58.1/main/custom.c:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[8];
data/d1x-rebirth-0.58.1/main/custom.c:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[8];
data/d1x-rebirth-0.58.1/main/custom.c:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[8];
data/d1x-rebirth-0.58.1/main/custom.c:97:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[15];
data/d1x-rebirth-0.58.1/main/custom.c:133:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( name, bmh.name, 8 );
data/d1x-rebirth-0.58.1/main/custom.c:137:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(name, 0), "#%d", bmh.dflags & 63);
data/d1x-rebirth-0.58.1/main/custom.c:157:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(name, sndh.name, 8);
data/d1x-rebirth-0.58.1/main/custom.c:652:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char custom_file[64];
data/d1x-rebirth-0.58.1/main/dumpmine.c:78:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char message[256];
data/d1x-rebirth-0.58.1/main/dumpmine.c:92:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char message[256];
data/d1x-rebirth-0.58.1/main/dumpmine.c:530:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char my_filename[128];
data/d1x-rebirth-0.58.1/main/dumpmine.c:543:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( &my_filename[namelen-4], ".txm");
data/d1x-rebirth-0.58.1/main/dumpmine.c:548:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ErrorMessage[200];
data/d1x-rebirth-0.58.1/main/dumpmine.c:841:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ErrorMessage[200];
data/d1x-rebirth-0.58.1/main/dumpmine.c:843:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ErrorMessage, "ERROR: Unable to open output file levels.all\n");
data/d1x-rebirth-0.58.1/main/dumpmine.c:895:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/main/dumpmine.c:897:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( ErrorMessage, "ERROR: Unable to open output file textures.dmp\n"); data/d1x-rebirth-0.58.1/main/endlevel.c:1316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[13]; data/d1x-rebirth-0.58.1/main/endlevel.c:1317:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[LINE_LEN],*p; data/d1x-rebirth-0.58.1/main/endlevel.c:1329:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename,"level%02d.sdl", level_num); data/d1x-rebirth-0.58.1/main/endlevel.c:1420:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exit_angles.h = i2f(atoi(p))/360; data/d1x-rebirth-0.58.1/main/endlevel.c:1468:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). satellite_size = i2f(atoi(p)); data/d1x-rebirth-0.58.1/main/fuelcen.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Special_names[MAX_CENTER_TYPES][11] = { data/d1x-rebirth-0.58.1/main/fuelcen.h:84:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char Special_names[MAX_CENTER_TYPES][11]; data/d1x-rebirth-0.58.1/main/fvi.c:109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &norm, &s->normals[facenum], sizeof(vms_vector_array)); data/d1x-rebirth-0.58.1/main/fvi.c:1125:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &normal_array, &side->normals[facenum], sizeof(vms_vector_array) ); data/d1x-rebirth-0.58.1/main/game.c:432:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savename[FILENAME_LEN+sizeof(SCRNS_DIR)]; data/d1x-rebirth-0.58.1/main/gamecntl.c:226:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(str, "%1d:%02d:%02d", h, m, s ); data/d1x-rebirth-0.58.1/main/gamecntl.c:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_time[9],level_time[9]; data/d1x-rebirth-0.58.1/main/gamecntl.c:448:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_LEN], num[16]; data/d1x-rebirth-0.58.1/main/gamecntl.c:464:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). how_many = atoi(num); data/d1x-rebirth-0.58.1/main/gamecntl.c:914:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[FILENAME_LEN]=""; data/d1x-rebirth-0.58.1/main/gamecntl.c:974:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char cheat_buffer[CHEAT_MAX_LEN] = "AAAAAAAAAAAAAAA"; data/d1x-rebirth-0.58.1/main/gamecntl.c:1102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[10]=""; data/d1x-rebirth-0.58.1/main/gamecntl.c:1109:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_level_num = atoi(m.text); data/d1x-rebirth-0.58.1/main/gamecntl.c:1153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_text[21]; data/d1x-rebirth-0.58.1/main/gamecntl.c:1155:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( score_text, "%d", Players[Player_num].score ); data/d1x-rebirth-0.58.1/main/gamecntl.c:1194:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Players[Player_num].score = atoi(mm[6].text); data/d1x-rebirth-0.58.1/main/gamefont.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64];//hrm. data/d1x-rebirth-0.58.1/main/gamemine.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char old_tmap_list[MAX_TEXTURES][13]; data/d1x-rebirth-0.58.1/main/gamerend.c:304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[128]; data/d1x-rebirth-0.58.1/main/gamesave.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Shareware_level_names[NUM_SHAREWARE_LEVELS] = { data/d1x-rebirth-0.58.1/main/gamesave.c:77:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Shareware_level_names[NUM_SHAREWARE_LEVELS] = { data/d1x-rebirth-0.58.1/main/gamesave.c:88:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *Registered_level_names[NUM_REGISTERED_LEVELS] = { data/d1x-rebirth-0.58.1/main/gamesave.c:115:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Gamesave_current_filename[PATH_MAX]; data/d1x-rebirth-0.58.1/main/gamesave.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mine_filename[15]; data/d1x-rebirth-0.58.1/main/gamesave.c:176:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char MaxPowerupsAllowed[MAX_POWERUP_TYPES]; data/d1x-rebirth-0.58.1/main/gamesave.c:177:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char PowerupsInMine[MAX_POWERUP_TYPES]; data/d1x-rebirth-0.58.1/main/gamesave.c:212:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char Save_pof_names[MAX_POLYGON_MODELS_NEW][FILENAME_LEN]; data/d1x-rebirth-0.58.1/main/gamesave.c:1093:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/d1x-rebirth-0.58.1/main/gamesave.c:1207:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/main/gamesave.c:1222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/main/gamesave.c:1224:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( ErrorMessage, "You just loaded a old version level. Would\n" data/d1x-rebirth-0.58.1/main/gamesave.c:1444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_filename[PATH_MAX]; data/d1x-rebirth-0.58.1/main/gamesave.c:1453:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[200]; data/d1x-rebirth-0.58.1/main/gamesave.c:1455:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( ErrorMessage, "Warning: %i errors in this mine!\n", Errors_in_mine ); data/d1x-rebirth-0.58.1/main/gamesave.c:1473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorMessage[256]; data/d1x-rebirth-0.58.1/main/gamesave.c:1482:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Current_level_name,"Untitled"); data/d1x-rebirth-0.58.1/main/gamesave.h:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *Shareware_level_names[NUM_SHAREWARE_LEVELS]; data/d1x-rebirth-0.58.1/main/gamesave.h:28:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char *Registered_level_names[NUM_REGISTERED_LEVELS]; data/d1x-rebirth-0.58.1/main/gameseq.c:113:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Current_level_name[LEVEL_NAME_LEN]; data/d1x-rebirth-0.58.1/main/gameseq.c:512:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char t[13]; data/d1x-rebirth-0.58.1/main/gameseq.c:513:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t, "level%02d.sdl", level_num); data/d1x-rebirth-0.58.1/main/gameseq.c:689:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char all_hostage_text[64]; data/d1x-rebirth-0.58.1/main/gameseq.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endgame_text[64]; data/d1x-rebirth-0.58.1/main/gameseq.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char m_str[N_GLITZITEMS][30]; data/d1x-rebirth-0.58.1/main/gameseq.c:695:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title[128]; data/d1x-rebirth-0.58.1/main/gameseq.c:794:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024]; data/d1x-rebirth-0.58.1/main/gameseq.c:1180:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char PowerupsInMine[MAX_POWERUP_TYPES], MaxPowerupsAllowed[MAX_POWERUP_TYPES]; data/d1x-rebirth-0.58.1/main/gameseq.h:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char Current_level_name[LEVEL_NAME_LEN]; data/d1x-rebirth-0.58.1/main/gauges.c:707:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_str[20]; data/d1x-rebirth-0.58.1/main/gauges.c:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_str[20]; data/d1x-rebirth-0.58.1/main/gauges.c:748:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(score_str, "T - %5d", i); data/d1x-rebirth-0.58.1/main/gauges.c:766:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_str[20]; data/d1x-rebirth-0.58.1/main/gauges.c:788:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(score_str, "%5d", score_display); data/d1x-rebirth-0.58.1/main/gauges.c:801:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_str[20]; data/d1x-rebirth-0.58.1/main/gauges.c:815:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(score_str, "%5d", Players[Player_num].net_kills_total); data/d1x-rebirth-0.58.1/main/gauges.c:817:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(score_str, "%5d", Players[Player_num].score); data/d1x-rebirth-0.58.1/main/gauges.c:839:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char score_str[32]; data/d1x-rebirth-0.58.1/main/gauges.c:864:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(score_str, "%5d", score_display); data/d1x-rebirth-0.58.1/main/gauges.c:1000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[5],*t; data/d1x-rebirth-0.58.1/main/gauges.c:1031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weapon_str[10]; data/d1x-rebirth-0.58.1/main/gauges.c:1047:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(weapon_str,"%c%i", data/d1x-rebirth-0.58.1/main/gauges.c:1053:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(weapon_str,"V%i", f2i(Players[Player_num].primary_ammo[1] * VULCAN_AMMO_SCALE)); data/d1x-rebirth-0.58.1/main/gauges.c:1082:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(weapon_str,"%i",Players[Player_num].secondary_ammo[i]); data/d1x-rebirth-0.58.1/main/gauges.c:1128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weapon_str[32]; data/d1x-rebirth-0.58.1/main/gauges.c:1277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char killed_str[20]; data/d1x-rebirth-0.58.1/main/gauges.c:1282:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(killed_str, "%5d", Players[Player_num].net_killed_total); data/d1x-rebirth-0.58.1/main/gauges.c:1404:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char cockpitbuf[1024*1024]; data/d1x-rebirth-0.58.1/main/gauges.c:1436:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cockpitbuf, bm->bm_data, sizeof(unsigned char)*(bm->bm_w*bm->bm_h)); data/d1x-rebirth-0.58.1/main/gauges.c:2186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/d1x-rebirth-0.58.1/main/gauges.c:2238:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name,"[TARGET]"); data/d1x-rebirth-0.58.1/main/gauges.c:2330:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[CALLSIGN_LEN+10]; data/d1x-rebirth-0.58.1/main/hud.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[HUD_MESSAGE_LENGTH+1]; data/d1x-rebirth-0.58.1/main/hud.c:81:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&HUD_messages[j], &HUD_messages[j+1], sizeof(struct hudmsg)); data/d1x-rebirth-0.58.1/main/hud.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[HUD_MESSAGE_LENGTH+1] = ""; data/d1x-rebirth-0.58.1/main/hud.c:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1024] = ""; data/d1x-rebirth-0.58.1/main/hud.c:169:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&HUD_messages[i], &HUD_messages[i+1], sizeof(struct hudmsg)); data/d1x-rebirth-0.58.1/main/inferno.c:406:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[32] = ""; data/d1x-rebirth-0.58.1/main/inferno.c:410:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(filename, "Players/"); data/d1x-rebirth-0.58.1/main/inferno.c:420:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".plr"); data/d1x-rebirth-0.58.1/main/inferno.h:45:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char d_fname[FILENAME_LEN]; data/d1x-rebirth-0.58.1/main/kconfig.c:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static const char invert_text[2][2] = { "N", "Y" };
data/d1x-rebirth-0.58.1/main/kconfig.c:66:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *joybutton_text[JOY_MAX_BUTTONS];
data/d1x-rebirth-0.58.1/main/kconfig.c:67:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *joyaxis_text[JOY_MAX_AXES];
data/d1x-rebirth-0.58.1/main/kconfig.c:409:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char btext[10];
data/d1x-rebirth-0.58.1/main/kconfig.c:425:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(btext, "BTN%2d", item->value + 1);
data/d1x-rebirth-0.58.1/main/kconfig.c:431:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(btext, "AXIS%2d", item->value + 1);
data/d1x-rebirth-0.58.1/main/kconfig.c:922:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char btext[10];
data/d1x-rebirth-0.58.1/main/kconfig.c:945:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(btext, "BTN%2d", item->value + 1);
data/d1x-rebirth-0.58.1/main/kconfig.c:951:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(btext, "AXIS%2d", item->value + 1);
data/d1x-rebirth-0.58.1/main/kmatrix.c:64:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[10];
data/d1x-rebirth-0.58.1/main/kmatrix.c:102:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp,"NA");
data/d1x-rebirth-0.58.1/main/kmatrix.c:104:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp,"%d%%",(int)((float)((float)Players[sorted[i]].net_kills_total/((float)Players[sorted[i]].net_killed_total+(float)Players[sorted[i]].net_kills_total))*100.0));
data/d1x-rebirth-0.58.1/main/menu.c:171:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:173:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char text[CALLSIGN_LEN+9]="";
data/d1x-rebirth-0.58.1/main/menu.c:230:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char plxfile[PATH_MAX], efffile[PATH_MAX], ngpfile[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:232:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:620:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:646:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:666:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bakname[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:782:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char info_text[80];
data/d1x-rebirth-0.58.1/main/menu.c:783:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char num_text[10];
data/d1x-rebirth-0.58.1/main/menu.c:803:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
new_level_num = atoi(m[1].text);
data/d1x-rebirth-0.58.1/main/menu.c:886:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char restext[50][12], crestext[12], casptext[12];
data/d1x-rebirth-0.58.1/main/menu.c:936:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
cmode = SM(atoi(crestext), atoi(strchr(crestext, 'x')+1));
data/d1x-rebirth-0.58.1/main/menu.c:936:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
cmode = SM(atoi(crestext), atoi(strchr(crestext, 'x')+1));
data/d1x-rebirth-0.58.1/main/menu.c:946:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
casp = SM(atoi(casptext), atoi(strchr(casptext, 'x')+1));
data/d1x-rebirth-0.58.1/main/menu.c:946:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
casp = SM(atoi(casptext), atoi(strchr(casptext, 'x')+1));
data/d1x-rebirth-0.58.1/main/menu.c:1296:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char view_path[PATH_MAX]; // The absolute path we're currently looking at
data/d1x-rebirth-0.58.1/main/menu.c:1322:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(b->list_buf, ".."); // go to parent directory
data/d1x-rebirth-0.58.1/main/menu.c:1328:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(b->list[b->num_files++], "<this directory>"); // choose the directory being viewed
data/d1x-rebirth-0.58.1/main/menu.c:1347:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char newpath[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:1412:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(newpath, "/Volumes");
data/d1x-rebirth-0.58.1/main/menu.c:1466:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_path[PATH_MAX];
data/d1x-rebirth-0.58.1/main/menu.c:1738:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char old_CMLevelMusicPath[PATH_MAX+1], old_CMMiscMusic0[PATH_MAX+1];
data/d1x-rebirth-0.58.1/main/mglobal.c:51:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Side_opposite[MAX_SIDES_PER_SEGMENT] = {WRIGHT, WBOTTOM, WLEFT, WTOP, WFRONT, WBACK};
data/d1x-rebirth-0.58.1/main/mission.c:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mission_name[MISSION_NAME_LEN+1];
data/d1x-rebirth-0.58.1/main/mission.c:109:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Level_names[i], "level%02d.sdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:129:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Level_names[i], "level%02d.sdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:150:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Level_names[i], "level%02d.rdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:151:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Level_names[i], "saturn%02d.rdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:153:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Secret_level_names[i], "levels%1d.rdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:179:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Level_names[i], "level%02d.rdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:181:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Secret_level_names[i], "levels%1d.rdl", i+1);
data/d1x-rebirth-0.58.1/main/mission.c:232:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[80];
data/d1x-rebirth-0.58.1/main/mission.c:252:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename2[100];
data/d1x-rebirth-0.58.1/main/mission.c:273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[PATH_MAX], *ext;
data/d1x-rebirth-0.58.1/main/mission.c:411:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[FILENAME_LEN], * t;
data/d1x-rebirth-0.58.1/main/mission.c:435:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hogpath[PATH_MAX];
data/d1x-rebirth-0.58.1/main/mission.c:464:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char search_str[PATH_MAX] = MISSION_DIR;
data/d1x-rebirth-0.58.1/main/mission.c:528:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PATH_MAX], *v;
data/d1x-rebirth-0.58.1/main/mission.c:567:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(buf,".msn");
data/d1x-rebirth-0.58.1/main/mission.c:578:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(buf+strlen(buf)-4,".hog"); //change extension
data/d1x-rebirth-0.58.1/main/mission.c:648:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
n_levels = atoi(v);
data/d1x-rebirth-0.58.1/main/mission.c:677:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
N_secret_levels = atoi(v);
data/d1x-rebirth-0.58.1/main/mission.c:707:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Secret_level_table[i] = atoi(t);
data/d1x-rebirth-0.58.1/main/mission.c:865:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(Level_names[0], "GAMESAVE.LVL");
data/d1x-rebirth-0.58.1/main/mission.h:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mission_name[MISSION_NAME_LEN+1];
data/d1x-rebirth-0.58.1/main/multi.c:117:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char multibuf2[MAX_MULTI_MESSAGE_LEN+4];
data/d1x-rebirth-0.58.1/main/multi.c:127:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Network_message[MAX_MESSAGE_LEN];
data/d1x-rebirth-0.58.1/main/multi.c:134:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char GMNames[MULTI_GAME_TYPE_COUNT][MULTI_GAME_NAME_LENGTH]={
data/d1x-rebirth-0.58.1/main/multi.c:144:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char GMNamesShrt[MULTI_GAME_TYPE_COUNT][8]={
data/d1x-rebirth-0.58.1/main/multi.c:176:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char PowerupsInMine[MAX_POWERUP_TYPES],MaxPowerupsAllowed[MAX_POWERUP_TYPES];
data/d1x-rebirth-0.58.1/main/multi.c:199:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *multi_allow_powerup_text[MULTI_ALLOW_POWERUP_MAX] =
data/d1x-rebirth-0.58.1/main/multi.c:585:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char killed_name[(CALLSIGN_LEN*2)+4];
data/d1x-rebirth-0.58.1/main/multi.c:586:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char killer_name[(CALLSIGN_LEN*2)+4];
data/d1x-rebirth-0.58.1/main/multi.c:1053:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char feedback_result[200];
data/d1x-rebirth-0.58.1/main/multi.c:1065:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((Game_mode & GM_TEAM) && (atoi(Network_message) > 0) && (atoi(Network_message) < 3))
data/d1x-rebirth-0.58.1/main/multi.c:1065:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((Game_mode & GM_TEAM) && (atoi(Network_message) > 0) && (atoi(Network_message) < 3))
data/d1x-rebirth-0.58.1/main/multi.c:1067:92: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
sprintf(feedback_result+strlen(feedback_result), "%s '%s'", TXT_TEAM, Netgame.team_name[atoi(Network_message)-1]);
data/d1x-rebirth-0.58.1/main/multi.c:1077:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(feedback_result, ", ");
data/d1x-rebirth-0.58.1/main/multi.c:1090:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(feedback_result, ", ");
data/d1x-rebirth-0.58.1/main/multi.c:1176:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
StartingShields=atol (mytempbuf);
data/d1x-rebirth-0.58.1/main/multi.c:1484:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *colon,mesbuf[100];
data/d1x-rebirth-0.58.1/main/multi.c:1510:59: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
((Game_mode & GM_TEAM) && ( (get_team(Player_num) == atoi(buf+loc)-1) || !d_strnicmp(Netgame.team_name[get_team(Player_num)], buf+loc, colon-(buf+loc)))) )
data/d1x-rebirth-0.58.1/main/multi.c:1545:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((ubyte *)(sp.bytemat), (ubyte *)(buf + 2), 9);
data/d1x-rebirth-0.58.1/main/multi.c:1546:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((ubyte *)&(sp.xo), (ubyte *)(buf + 11), 14);
data/d1x-rebirth-0.58.1/main/multi.c:1703:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf, buf, 5);
data/d1x-rebirth-0.58.1/main/multi.c:2027:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&to_target, buf+count, 12); count += 12;
data/d1x-rebirth-0.58.1/main/multi.c:2609:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&(multibuf[count]), (ubyte *)(sp.bytemat), 9);
data/d1x-rebirth-0.58.1/main/multi.c:2611:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&(multibuf[count]), (ubyte *)&(sp.xo), 14);
data/d1x-rebirth-0.58.1/main/multi.c:2790:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+count, to_goal, 12); count += 12;
data/d1x-rebirth-0.58.1/main/multi.c:2795:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+count, &swapped_vec, 12); count += 12;
data/d1x-rebirth-0.58.1/main/multi.c:2832:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+count, pos, sizeof(vms_vector)); count += sizeof(vms_vector);
data/d1x-rebirth-0.58.1/main/multi.c:2837:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+count, &swapped_vec, 12); count += 12;
data/d1x-rebirth-0.58.1/main/multi.c:3203:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( buf, Players[Player_num].callsign, CALLSIGN_LEN+1 );
data/d1x-rebirth-0.58.1/main/multi.c:3396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rankstr[20];
data/d1x-rebirth-0.58.1/main/multi.c:3401:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (rankstr,"promoted");
data/d1x-rebirth-0.58.1/main/multi.c:3403:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (rankstr,"demoted");
data/d1x-rebirth-0.58.1/main/multi.c:3483:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char desc[25];
data/d1x-rebirth-0.58.1/main/multi.c:3487:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( desc, &buf[count], 20 ); count += 20;
data/d1x-rebirth-0.58.1/main/multi.c:3511:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( &multibuf[count], desc, 20 ); count += 20;
data/d1x-rebirth-0.58.1/main/multi.c:3531:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/multi.c:3532:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char desc[24];
data/d1x-rebirth-0.58.1/main/multi.c:3572:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&call2i, Players[i].callsign, sizeof(fix));
data/d1x-rebirth-0.58.1/main/multi.c:3588:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/multi.c:3628:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/multi.c:3642:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/multi.h:185:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char *multi_allow_powerup_text[MULTI_ALLOW_POWERUP_MAX];
data/d1x-rebirth-0.58.1/main/multi.h:186:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern const char GMNames[MULTI_GAME_TYPE_COUNT][MULTI_GAME_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/multi.h:187:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern const char GMNamesShrt[MULTI_GAME_TYPE_COUNT][8];
data/d1x-rebirth-0.58.1/main/multi.h:296:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char Network_message[MAX_MESSAGE_LEN];
data/d1x-rebirth-0.58.1/main/multi.h:341:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char RefuseThisPlayer,WaitForRefuseAnswer,RefuseTeam,RefusePlayerName[12];
data/d1x-rebirth-0.58.1/main/multi.h:366:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char callsign[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/multi.h:395:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char game_name[NETGAME_NAME_LEN+1];
data/d1x-rebirth-0.58.1/main/multi.h:396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mission_title[MISSION_NAME_LEN+1];
data/d1x-rebirth-0.58.1/main/multi.h:397:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mission_name[9];
data/d1x-rebirth-0.58.1/main/multi.h:414:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char team_name[2][CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/multibot.c:411:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&(multibuf[loc]), (ubyte *)(sp.bytemat), 9);
data/d1x-rebirth-0.58.1/main/multibot.c:413:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&(multibuf[loc]), (ubyte *)&(sp.xo), 14);
data/d1x-rebirth-0.58.1/main/multibot.c:468:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+loc, fire, sizeof(vms_vector)); loc += sizeof(vms_vector); // 12
data/d1x-rebirth-0.58.1/main/multibot.c:475:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+loc, &swapped_vec, sizeof(vms_vector)); loc += sizeof(vms_vector);
data/d1x-rebirth-0.58.1/main/multibot.c:484:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(robot_fire_buf[slot], multibuf, loc);
data/d1x-rebirth-0.58.1/main/multibot.c:581:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+loc, &del_obj->pos, sizeof(vms_vector)); loc += 12;
data/d1x-rebirth-0.58.1/main/multibot.c:586:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(multibuf+loc, &swapped_vec, sizeof(vms_vector)); loc += 12;
data/d1x-rebirth-0.58.1/main/multibot.c:723:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((ubyte *)(sp.bytemat), (ubyte *)(buf + loc), 9); loc += 9;
data/d1x-rebirth-0.58.1/main/multibot.c:724:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((ubyte *)&(sp.xo), (ubyte *)(buf + loc), 14);
data/d1x-rebirth-0.58.1/main/multibot.c:744:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&fire, buf+loc, sizeof(vms_vector));
data/d1x-rebirth-0.58.1/main/multibot.c:1031:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&del_obj.pos, buf+loc, sizeof(vms_vector)); loc += 12;
data/d1x-rebirth-0.58.1/main/net_udp.c:103:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char UDP_MyPort[6] = "";
data/d1x-rebirth-0.58.1/main/net_udp.c:153:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sPort[6];
data/d1x-rebirth-0.58.1/main/net_udp.c:179:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( sAddr, result->ai_addr, result->ai_addrlen );
data/d1x-rebirth-0.58.1/main/net_udp.c:257:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cport[6];
data/d1x-rebirth-0.58.1/main/net_udp.c:268:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cport,"%i",port);
data/d1x-rebirth-0.58.1/main/net_udp.c:433:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
PUT_INTEL_SHORT( pBuf+3, atoi( UDP_MyPort ) ); data/d1x-rebirth-0.58.1/main/net_udp.c:511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[128]; data/d1x-rebirth-0.58.1/main/net_udp.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portbuf[6]; data/d1x-rebirth-0.58.1/main/net_udp.c:603:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(UDP_MyPort)) <= 1024 ||(atoi(UDP_MyPort)) > 65535) data/d1x-rebirth-0.58.1/main/net_udp.c:603:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(UDP_MyPort)) <= 1024 ||(atoi(UDP_MyPort)) > 65535) data/d1x-rebirth-0.58.1/main/net_udp.c:610:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
sockres = udp_open_socket(0, atoi(UDP_MyPort)); data/d1x-rebirth-0.58.1/main/net_udp.c:618:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (udp_dns_filladdr(dj->addrbuf, atoi(dj->portbuf), &dj->host_addr) < 0) data/d1x-rebirth-0.58.1/main/net_udp.c:630:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((struct _sockaddr *)&Netgame.players[0].protocol.udp.addr, (struct _sockaddr *)&dj->host_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:814:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((struct _sockaddr *)&dj->host_addr, (struct _sockaddr *)&Active_udp_games[(citem+(NLPage*UDP_NETGAMES_PPAGE))-4].game_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:815:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((struct _sockaddr *)&Netgame.players[0].protocol.udp.addr, (struct _sockaddr *)&dj->host_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:854:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char levelname[8],MissName[25],GameName[25],thold[2],status[8]; data/d1x-rebirth-0.58.1/main/net_udp.c:1017:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&buf[len], seq.player.callsign, CALLSIGN_LEN+1); len += CALLSIGN_LEN+1; data/d1x-rebirth-0.58.1/main/net_udp.c:1029:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seq->player.callsign, &(data[len]), CALLSIGN_LEN+1); len += CALLSIGN_LEN+1; data/d1x-rebirth-0.58.1/main/net_udp.c:1031:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(seq->player.rank),&(data[len]),1); len++; data/d1x-rebirth-0.58.1/main/net_udp.c:1034:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&seq->player.protocol.udp.addr, (struct _sockaddr *)&sender_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:1062:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(UDP_Seq.player.callsign, Players[Player_num].callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:1241:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Players[pnum].callsign, their->player.callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:1242:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Netgame.players[pnum].callsign, their->player.callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:1243:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&Netgame.players[pnum].protocol.udp.addr, &their->player.protocol.udp.addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:1896:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( Netgame.players[N_players].callsign, p->player.callsign, CALLSIGN_LEN+1 ); data/d1x-rebirth-0.58.1/main/net_udp.c:1897:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (struct _sockaddr *)&Netgame.players[N_players].protocol.udp.addr, (struct _sockaddr *)&p->player.protocol.udp.addr, sizeof(struct _sockaddr) ); data/d1x-rebirth-0.58.1/main/net_udp.c:1930:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( Netgame.players[i].callsign, Netgame.players[i+1].callsign, CALLSIGN_LEN+1 ); data/d1x-rebirth-0.58.1/main/net_udp.c:1931:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (struct _sockaddr *)&Netgame.players[i].protocol.udp.addr, (struct _sockaddr *)&Netgame.players[i+1].protocol.udp.addr, sizeof(struct _sockaddr) ); data/d1x-rebirth-0.58.1/main/net_udp.c:2073:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[1]), UDP_REQ_ID, 4); data/d1x-rebirth-0.58.1/main/net_udp.c:2087:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sender_id[4] = ""; data/d1x-rebirth-0.58.1/main/net_udp.c:2089:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sender_id, &(data[1]), 4); data/d1x-rebirth-0.58.1/main/net_udp.c:2127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[len]), Netgame.game_name, NETGAME_NAME_LEN+1); len += (NETGAME_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2128:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[len]), Netgame.mission_title, MISSION_NAME_LEN+1); len += (MISSION_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2129:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[len]), Netgame.mission_name, 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:2164:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[len], Netgame.players[i].callsign, CALLSIGN_LEN+1); len += CALLSIGN_LEN+1; data/d1x-rebirth-0.58.1/main/net_udp.c:2172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[len]), Netgame.game_name, NETGAME_NAME_LEN+1); len += (NETGAME_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2173:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&(buf[len]), Netgame.mission_title, MISSION_NAME_LEN+1); len += (MISSION_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buf[len]), Netgame.mission_name, 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:2201:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[len], Netgame.team_name, 2*(CALLSIGN_LEN+1)); len += 2*(CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2299:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&recv_game, &game_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:2309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&recv_game.game_name, &(data[len]), NETGAME_NAME_LEN+1); len += (NETGAME_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&recv_game.mission_title, &(data[len]), MISSION_NAME_LEN+1); len += (MISSION_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&recv_game.mission_name, &(data[len]), 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:2332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&Active_udp_games[i], &recv_game, sizeof(UDP_netgame_info_lite)); data/d1x-rebirth-0.58.1/main/net_udp.c:2341:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Active_udp_games[j], &Active_udp_games[j+1], sizeof(UDP_netgame_info_lite)); data/d1x-rebirth-0.58.1/main/net_udp.c:2347:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((struct _sockaddr *)&Netgame.players[0].protocol.udp.addr, (struct _sockaddr *)&game_addr, sizeof(struct _sockaddr)); data/d1x-rebirth-0.58.1/main/net_udp.c:2355:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Netgame.players[i].callsign, &(data[len]), CALLSIGN_LEN+1); len += CALLSIGN_LEN+1; data/d1x-rebirth-0.58.1/main/net_udp.c:2360:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Netgame.game_name, &(data[len]), NETGAME_NAME_LEN+1); len += (NETGAME_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2361:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Netgame.mission_title, &(data[len]), MISSION_NAME_LEN+1); len += (MISSION_NAME_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2362:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&Netgame.mission_name, &(data[len]), 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:2379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(Netgame.team_name, &(data[len]), 2*(CALLSIGN_LEN+1)); len += 2*(CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:2822:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( menus[i].text, "%d. ", i+1 ); // Clear out the deleted entries... data/d1x-rebirth-0.58.1/main/net_udp.c:2859:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char PlayText[80],KillText[80],srinvul[50],packstring[5]; data/d1x-rebirth-0.58.1/main/net_udp.c:2880:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( KillText, "Kill Goal: %d kills", Netgame.KillGoal*5); data/d1x-rebirth-0.58.1/main/net_udp.c:2926:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Netgame.PacketsPerSec=atoi(packstring); data/d1x-rebirth-0.58.1/main/net_udp.c:2941:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if ((atoi(UDP_MyPort)) < 0 ||(atoi(UDP_MyPort)) > 65535) data/d1x-rebirth-0.58.1/main/net_udp.c:2941:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(UDP_MyPort)) < 0 ||(atoi(UDP_MyPort)) > 65535) data/d1x-rebirth-0.58.1/main/net_udp.c:2993:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( menus[opt_killgoal].text, "Kill Goal: %d kills", Netgame.KillGoal*5); data/d1x-rebirth-0.58.1/main/net_udp.c:3040:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( menus[opt->maxnet].text, "Maximum players: %d", menus[opt->maxnet].value+2 ); data/d1x-rebirth-0.58.1/main/net_udp.c:3058:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( menus[opt->maxnet].text, "Maximum players: %d", menus[opt->maxnet].value+2 ); data/d1x-rebirth-0.58.1/main/net_udp.c:3067:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Netgame.levelnum = atoi(slevel); data/d1x-rebirth-0.58.1/main/net_udp.c:3070:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Netgame.levelnum = -atoi(slevel+1); data/d1x-rebirth-0.58.1/main/net_udp.c:3072:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Netgame.levelnum = atoi(slevel); data/d1x-rebirth-0.58.1/main/net_udp.c:3084:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( menus[opt->maxnet].text, "Maximum players: %d", menus[opt->maxnet].value+2 ); data/d1x-rebirth-0.58.1/main/net_udp.c:3155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slevel[5]; data/d1x-rebirth-0.58.1/main/net_udp.c:3156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char level_text[32]; data/d1x-rebirth-0.58.1/main/net_udp.c:3157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char srmaxnet[50]; data/d1x-rebirth-0.58.1/main/net_udp.c:3211:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(level_text+strlen(level_text)-1, ", S1-S%d)", -Last_secret_level); data/d1x-rebirth-0.58.1/main/net_udp.c:3213:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(level_text+strlen(level_text)-1, ", S1)"); data/d1x-rebirth-0.58.1/main/net_udp.c:3239:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( srmaxnet, "Maximum players: %d", Netgame.max_numplayers); data/d1x-rebirth-0.58.1/main/net_udp.c:3284:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_callsign[CALLSIGN_LEN+1]; data/d1x-rebirth-0.58.1/main/net_udp.c:3310:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_callsign, Players[Player_num].callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:3328:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( Players[i].callsign, Netgame.players[i].callsign, CALLSIGN_LEN+1 ); data/d1x-rebirth-0.58.1/main/net_udp.c:3454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char team_names[2][CALLSIGN_LEN+1]; data/d1x-rebirth-0.58.1/main/net_udp.c:3529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[MAX_PLAYERS][45]; data/d1x-rebirth-0.58.1/main/net_udp.c:3530:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title[50]; data/d1x-rebirth-0.58.1/main/net_udp.c:3639:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Netgame.players[N_players].callsign, Netgame.players[i].callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/net_udp.c:3668:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = udp_open_socket(0, atoi(UDP_MyPort)); data/d1x-rebirth-0.58.1/main/net_udp.c:3673:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (atoi(UDP_MyPort) != UDP_PORT_DEFAULT) data/d1x-rebirth-0.58.1/main/net_udp.c:3716:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[60]; data/d1x-rebirth-0.58.1/main/net_udp.c:3744:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( me.player.callsign, Players[Player_num].callsign, CALLSIGN_LEN+1 ); data/d1x-rebirth-0.58.1/main/net_udp.c:4001:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &UDP_MData.mbuf[UDP_MData.mbuf_size], ptr, len ); data/d1x-rebirth-0.58.1/main/net_udp.c:4195:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &UDP_mdata_queue[found].player_ack, player_ack, sizeof(ubyte)*MAX_PLAYERS); data/d1x-rebirth-0.58.1/main/net_udp.c:4196:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &UDP_mdata_queue[found].data, data, sizeof(char)*data_size ); data/d1x-rebirth-0.58.1/main/net_udp.c:4328:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[len], UDP_mdata_queue[queuec].data, sizeof(char)*UDP_mdata_queue[queuec].data_size); data/d1x-rebirth-0.58.1/main/net_udp.c:4411:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&buf[len], data, sizeof(char)*data_len); len += data_len; data/d1x-rebirth-0.58.1/main/net_udp.c:4448:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[len], UDP_MData.mbuf, sizeof(char)*UDP_MData.mbuf_size); len += UDP_MData.mbuf_size; data/d1x-rebirth-0.58.1/main/net_udp.c:4568:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len, &spp.bytemat, 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:4633:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pd.ptype.spp.bytemat, &(data[len]), 9); len += 9; data/d1x-rebirth-0.58.1/main/net_udp.c:4757:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[len], &time, 8); len += 8; data/d1x-rebirth-0.58.1/main/net_udp.c:4784:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&host_ping_time, &data[len], 8); len += 8; data/d1x-rebirth-0.58.1/main/net_udp.c:4792:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[2], &host_ping_time, 8); data/d1x-rebirth-0.58.1/main/net_udp.c:4812:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&client_pong_time, &data[2], 8); data/d1x-rebirth-0.58.1/main/net_udp.c:5094:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rinfo[512],*info=rinfo; data/d1x-rebirth-0.58.1/main/net_udp.c:5103:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. info+=sprintf(info,"Descent: First Strike"); data/d1x-rebirth-0.58.1/main/net_udp.c:5109:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. info+=sprintf (info," - Lvl %i",netgame->levelnum); data/d1x-rebirth-0.58.1/main/net_udp.c:5113:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. info+=sprintf (info," - Lvl S%i",(netgame->levelnum*-1)); data/d1x-rebirth-0.58.1/main/net_udp.c:5119:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. info+=sprintf (info,"\nPlayers: %i/%i",netgame->numplayers,netgame->max_numplayers); data/d1x-rebirth-0.58.1/main/net_udp.h:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char game_name[NETGAME_NAME_LEN+1]; data/d1x-rebirth-0.58.1/main/net_udp.h:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mission_title[MISSION_NAME_LEN+1]; data/d1x-rebirth-0.58.1/main/net_udp.h:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mission_name[9]; data/d1x-rebirth-0.58.1/main/newdemo.c:166:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nd_playback_v_save_callsign[CALLSIGN_LEN+1]; data/d1x-rebirth-0.58.1/main/newdemo.c:1385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_mission[9]; data/d1x-rebirth-0.58.1/main/newdemo.c:1542:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(current_mission, "DESTSAT"); data/d1x-rebirth-0.58.1/main/newdemo.c:1947:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hud_msg[60]; data/d1x-rebirth-0.58.1/main/newdemo.c:2339:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_callsign[CALLSIGN_LEN+1], old_callsign[CALLSIGN_LEN+1]; data/d1x-rebirth-0.58.1/main/newdemo.c:2364:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Players[pnum].callsign, old_callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/newdemo.c:2374:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Players[pnum].callsign, new_callsign, CALLSIGN_LEN+1); data/d1x-rebirth-0.58.1/main/newdemo.c:2827:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(cur_objs[i]), &(Objects[i]), sizeof(object)); data/d1x-rebirth-0.58.1/main/newdemo.c:2904:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(Objects[i]), &(cur_objs[i]), sizeof(object)); data/d1x-rebirth-0.58.1/main/newdemo.c:3035:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(cur_objs[i]), &(Objects[i]), sizeof(object)); data/d1x-rebirth-0.58.1/main/newdemo.c:3058:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&(Objects[j].orient), &(cur_objs[i].orient), sizeof(vms_matrix)); data/d1x-rebirth-0.58.1/main/newdemo.c:3059:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(Objects[j].pos), &(cur_objs[i].pos), sizeof(vms_vector)); data/d1x-rebirth-0.58.1/main/newdemo.c:3184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char filename[PATH_MAX] = "", *s; data/d1x-rebirth-0.58.1/main/newdemo.c:3186:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[PATH_MAX] = DEMO_DIR; data/d1x-rebirth-0.58.1/main/newdemo.c:3203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfile[PATH_MAX]; data/d1x-rebirth-0.58.1/main/newdemo.c:3211:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num = atoi(&(filename[i])); data/d1x-rebirth-0.58.1/main/newdemo.c:3234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save_file[PATH_MAX]; data/d1x-rebirth-0.58.1/main/newdemo.c:3291:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[PATH_MAX+FILENAME_LEN] = DEMO_DIR; data/d1x-rebirth-0.58.1/main/newdemo.c:3395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inpath[PATH_MAX+FILENAME_LEN] = DEMO_DIR; data/d1x-rebirth-0.58.1/main/newdemo.c:3441:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bakpath[PATH_MAX+FILENAME_LEN]; data/d1x-rebirth-0.58.1/main/newmenu.c:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p,*s1,*s2,measure[2]; data/d1x-rebirth-0.58.1/main/newmenu.c:398:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text[10]; data/d1x-rebirth-0.58.1/main/newmenu.c:402:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( text, "%d", item->value ); data/d1x-rebirth-0.58.1/main/newmenu.c:728:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slider_text[NM_MAX_TEXT_LEN+1], *p, *s1; data/d1x-rebirth-0.58.1/main/newmenu.c:1252:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_text[20]; data/d1x-rebirth-0.58.1/main/newmenu.c:1254:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( test_text, "%d", menu->items[i].max_value ); data/d1x-rebirth-0.58.1/main/newmenu.c:1257:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( test_text, "%d", menu->items[i].min_value ); data/d1x-rebirth-0.58.1/main/newmenu.c:1611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nm_text[MESSAGEBOX_TEXT_SIZE]; data/d1x-rebirth-0.58.1/main/newmenu.c:1638:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nm_text[MESSAGEBOX_TEXT_SIZE]; data/d1x-rebirth-0.58.1/main/newmenu.c:2174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nm_text[MESSAGEBOX_TEXT_SIZE]; data/d1x-rebirth-0.58.1/main/newmenu.h:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saved_text[NM_MAX_TEXT_LEN+1]; data/d1x-rebirth-0.58.1/main/object.c:120:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Object_type_names[MAX_OBJECT_TYPES][9] = { data/d1x-rebirth-0.58.1/main/object.h:125:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char Object_type_names[MAX_OBJECT_TYPES][9]; data/d1x-rebirth-0.58.1/main/piggy.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[15]; data/d1x-rebirth-0.58.1/main/piggy.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[15]; data/d1x-rebirth-0.58.1/main/piggy.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/d1x-rebirth-0.58.1/main/piggy.c:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/d1x-rebirth-0.58.1/main/piggy.c:272:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name_read[16]; data/d1x-rebirth-0.58.1/main/piggy.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name[16]; data/d1x-rebirth-0.58.1/main/piggy.c:409:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( temp_name_read, bmh.name, 8 ); data/d1x-rebirth-0.58.1/main/piggy.c:456:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_name_read, sndh.name, 8 ); data/d1x-rebirth-0.58.1/main/piggy.c:509:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char soundfile[32] = "Sounds/sounds.array"; data/d1x-rebirth-0.58.1/main/piggy.c:531:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(soundfile, "SND%04d.raw", i); data/d1x-rebirth-0.58.1/main/piggy.c:588:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * crit_errors[13] = { "Write Protected", "Unknown Unit", "Drive Not Ready", "Unknown Command", "CRC Error", data/d1x-rebirth-0.58.1/main/piggy.c:660:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &Piggy_bitmap_cache_data[Piggy_bitmap_cache_next], &zsize, sizeof(int) ); data/d1x-rebirth-0.58.1/main/piggy.c:671:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zsize, bmp->bm_data, 4); data/d1x-rebirth-0.58.1/main/piggy.c:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subst_name[32]; data/d1x-rebirth-0.58.1/main/piggy.c:838:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(p1); data/d1x-rebirth-0.58.1/main/piggy.c:845:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( bmh.name, AllBitmaps[i].name, 8 ); data/d1x-rebirth-0.58.1/main/piggy.c:853:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( bmh.name, AllBitmaps[i].name, 8 ); data/d1x-rebirth-0.58.1/main/piggy.c:1004:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * gauge_bitmap_names[NUM_GAUGE_BITMAPS] = { "gauge01", "gauge02", "gauge06", "targ01", "targ02", "targ03", "targ04", "targ05", "targ06", "gauge18", "targ01pc", "targ02pc", "targ03pc", "gaug18pc" }; data/d1x-rebirth-0.58.1/main/piggy.c:1021:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base_name[ 16 ]; data/d1x-rebirth-0.58.1/main/piggy.c:1026:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). frame = atoi( &p[1] ); data/d1x-rebirth-0.58.1/main/player.h:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char callsign[CALLSIGN_LEN+1]; // The callsign of this player, for net purposes. data/d1x-rebirth-0.58.1/main/player.h:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char callsign[CALLSIGN_LEN+1]; // The callsign of this player, for net purposes. data/d1x-rebirth-0.58.1/main/playsave.c:72:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PlayerCfg.KeySettings, DefaultKeySettings, sizeof(DefaultKeySettings)); data/d1x-rebirth-0.58.1/main/playsave.c:73:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PlayerCfg.KeySettingsD1X, DefaultKeySettingsD1X, sizeof(DefaultKeySettingsD1X)); data/d1x-rebirth-0.58.1/main/playsave.c:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[50],*word; data/d1x-rebirth-0.58.1/main/playsave.c:171:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.KeyboardSens[0] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:173:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.KeyboardSens[1] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:175:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.KeyboardSens[2] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:177:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.KeyboardSens[3] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:179:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.KeyboardSens[4] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:196:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickSens[0] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:198:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickSens[1] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:200:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickSens[2] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:202:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickSens[3] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:204:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.JoystickSens[4] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:206:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickSens[5] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:208:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickDead[0] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:210:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickDead[1] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:212:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickDead[2] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:214:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.JoystickDead[3] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:216:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickDead[4] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:218:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.JoystickDead[5] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:235:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseFlightSim = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:237:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseSens[0] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:239:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.MouseSens[1] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:241:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseSens[2] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:243:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseSens[3] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:245:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseSens[4] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:247:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseSens[5] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:249:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.MouseFSDead = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:251:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.MouseFSIndicator = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:267:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int i=atoi(word); data/d1x-rebirth-0.58.1/main/playsave.c:292:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.CockpitMode[0] = PlayerCfg.CockpitMode[1] = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:294:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.HudMode = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:296:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
PlayerCfg.ReticleType = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:300:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.ReticleSize = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:317:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.PersistentDebris = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:319:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.PRShot = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:321:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PlayerCfg.NoRedundancy = atoi(line); data/d1x-rebirth-0.58.1/main/playsave.c:323:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  PlayerCfg.MultiMessages = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:325:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.NoRankings = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:327:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.BombGauge = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:329:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.AutomapFreeFlight = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:331:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.NoFireAutoselect = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:333:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.CycleAutoselectOnly = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:350:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.AlphaEffects = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:352:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PlayerCfg.DynLightColor = atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.c:456:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256],*word;
data/d1x-rebirth-0.58.1/main/playsave.c:462:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *k=atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:470:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *d=atoi(line);
data/d1x-rebirth-0.58.1/main/playsave.c:507:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.c:508:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16],buf2[16],a;
data/d1x-rebirth-0.58.1/main/playsave.c:586:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.c:590:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tempfile,".pl$");
data/d1x-rebirth-0.58.1/main/playsave.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.c:868:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filename, ".plx");
data/d1x-rebirth-0.58.1/main/playsave.c:948:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.c:997:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[MAX_MESSAGE_LEN][4];
data/d1x-rebirth-0.58.1/main/playsave.c:1046:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX], line[50], *token, *value, *ptr;
data/d1x-rebirth-0.58.1/main/playsave.c:1120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/playsave.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[GAME_NAME_LEN+1]; //extra char for terminating zero
data/d1x-rebirth-0.58.1/main/playsave.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Shortname[9];
data/d1x-rebirth-0.58.1/main/playsave.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char NetworkMessageMacro[4][MAX_MESSAGE_LEN];
data/d1x-rebirth-0.58.1/main/polyobj.c:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &bufp[Pof_addr], elsize*nelem);
data/d1x-rebirth-0.58.1/main/polyobj.c:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur_new, cur_old, chunk_len);
data/d1x-rebirth-0.58.1/main/polyobj.c:252:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur_new, cur_old, chunk_len);
data/d1x-rebirth-0.58.1/main/polyobj.c:264:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pm->model_data, tmp, pm->model_data_size);
data/d1x-rebirth-0.58.1/main/polyobj.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_buf[128];
data/d1x-rebirth-0.58.1/main/polyobj.c:659:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Pof_names[MAX_POLYGON_MODELS][13];
data/d1x-rebirth-0.58.1/main/polyobj.h:71:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char Pof_names[MAX_POLYGON_MODELS][13];
data/d1x-rebirth-0.58.1/main/powerup.h:80:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char Powerup_names[MAX_POWERUP_TYPES][POWERUP_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/render.c:877:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char visited2[MAX_SEGMENTS];
data/d1x-rebirth-0.58.1/main/render.c:880:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char visited[MAX_SEGMENTS];
data/d1x-rebirth-0.58.1/main/render.h:75:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char visited[MAX_SEGMENTS];
data/d1x-rebirth-0.58.1/main/robot.h:89:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char Robot_names[MAX_ROBOT_TYPES][ROBOT_NAME_LENGTH];
data/d1x-rebirth-0.58.1/main/scores.c:58:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/scores.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature[3]; // DHS
data/d1x-rebirth-0.58.1/main/scores.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cool_saying[COOL_MESSAGE_LEN];
data/d1x-rebirth-0.58.1/main/scores.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[0].name, "Parallax" );
data/d1x-rebirth-0.58.1/main/scores.c:91:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[1].name, "Mike" );
data/d1x-rebirth-0.58.1/main/scores.c:92:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[2].name, "Matt" );
data/d1x-rebirth-0.58.1/main/scores.c:93:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[3].name, "John" );
data/d1x-rebirth-0.58.1/main/scores.c:94:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[4].name, "Yuan" );
data/d1x-rebirth-0.58.1/main/scores.c:95:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[5].name, "Adam" );
data/d1x-rebirth-0.58.1/main/scores.c:96:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[6].name, "Mark" );
data/d1x-rebirth-0.58.1/main/scores.c:97:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[7].name, "Allender" );
data/d1x-rebirth-0.58.1/main/scores.c:98:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[8].name, "Jasen" );
data/d1x-rebirth-0.58.1/main/scores.c:99:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( scores->stats[9].name, "Rob" );
data/d1x-rebirth-0.58.1/main/scores.c:143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20],*p;
data/d1x-rebirth-0.58.1/main/scores.c:145:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%d", number );
data/d1x-rebirth-0.58.1/main/scores.c:150:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( dest, "%d", number );
data/d1x-rebirth-0.58.1/main/scores.c:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text1[COOL_MESSAGE_LEN+10];
data/d1x-rebirth-0.58.1/main/scores.c:241:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf( scores.cool_saying, "No Comment" );
data/d1x-rebirth-0.58.1/main/scores.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/d1x-rebirth-0.58.1/main/scores.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];
data/d1x-rebirth-0.58.1/main/songs.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inputline[80+1];
data/d1x-rebirth-0.58.1/main/songs.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sng_file[PATH_MAX];
data/d1x-rebirth-0.58.1/main/songs.h:11:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[16];
data/d1x-rebirth-0.58.1/main/state.c:92:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dgss_id[4] = "DGSS";
data/d1x-rebirth-0.58.1/main/state.c:415:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pl_rw->callsign, pl->callsign, CALLSIGN_LEN+1);
data/d1x-rebirth-0.58.1/main/state.c:416:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pl_rw->net_address, pl->net_address, 6);
data/d1x-rebirth-0.58.1/main/state.c:466:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pl->callsign, pl_rw->callsign, CALLSIGN_LEN+1);
data/d1x-rebirth-0.58.1/main/state.c:467:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pl->net_address, pl_rw->net_address, 6);
data/d1x-rebirth-0.58.1/main/state.c:573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[NUM_SAVES][PATH_MAX];
data/d1x-rebirth-0.58.1/main/state.c:574:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[NUM_SAVES][DESC_LENGTH + 16];
data/d1x-rebirth-0.58.1/main/state.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[5], dummy_callsign[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/state.c:670:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[DESC_LENGTH+1];
data/d1x-rebirth-0.58.1/main/state.c:671:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/state.c:672:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mission_filename[9];
data/d1x-rebirth-0.58.1/main/state.c:791:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX], desc[DESC_LENGTH+1];
data/d1x-rebirth-0.58.1/main/state.c:823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mission_filename[9];
data/d1x-rebirth-0.58.1/main/state.c:1077:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/d1x-rebirth-0.58.1/main/state.c:1121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mission[16];
data/d1x-rebirth-0.58.1/main/state.c:1122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[DESC_LENGTH+1];
data/d1x-rebirth-0.58.1/main/state.c:1123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[5];
data/d1x-rebirth-0.58.1/main/state.c:1124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char org_callsign[CALLSIGN_LEN+16];
data/d1x-rebirth-0.58.1/main/state.c:1160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char saved_callsign[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/state.c:1421:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&restore_objects[i], obj, sizeof(object));
data/d1x-rebirth-0.58.1/main/state.c:1436:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&Players[i], &restore_players[j], sizeof(player));
data/d1x-rebirth-0.58.1/main/state.c:1500:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[5], saved_callsign[CALLSIGN_LEN+1];
data/d1x-rebirth-0.58.1/main/text.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *Text_string[N_TEXT_STRINGS];
data/d1x-rebirth-0.58.1/main/titles.c:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_filename[PATH_MAX] = "";
data/d1x-rebirth-0.58.1/main/titles.c:143:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(new_filename,"\x01"); //only read from hog file
data/d1x-rebirth-0.58.1/main/titles.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char publisher[PATH_MAX];
data/d1x-rebirth-0.58.1/main/titles.c:182:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(publisher, "macplay.pcx"); // Mac Shareware
data/d1x-rebirth-0.58.1/main/titles.c:184:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(publisher, "mplaycd.pcx"); // Mac Registered
data/d1x-rebirth-0.58.1/main/titles.c:186:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(publisher, "iplogo1.pcx"); // PC. Only down here because it's lowres ;-)
data/d1x-rebirth-0.58.1/main/titles.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exit_screen[PATH_MAX];
data/d1x-rebirth-0.58.1/main/titles.c:200:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(exit_screen, "warning.pcx"); // D1 Registered
data/d1x-rebirth-0.58.1/main/titles.c:202:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(exit_screen, "apple.pcx"); // D1 Mac OEM Demo
data/d1x-rebirth-0.58.1/main/titles.c:204:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(exit_screen, "order01.pcx"); // D1 Demo
data/d1x-rebirth-0.58.1/main/titles.c:211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bs_name[PATH_MAX]; // filename, eg merc01. Assumes .lbm suffix.
data/d1x-rebirth-0.58.1/main/titles.c:305:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char background_name[PATH_MAX];
data/d1x-rebirth-0.58.1/main/titles.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitmap_name[32];
data/d1x-rebirth-0.58.1/main/titles.c:463:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[2];
data/d1x-rebirth-0.58.1/main/titles.c:538:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(br->bitmap_name, "#0");
data/d1x-rebirth-0.58.1/main/titles.c:549:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(br->bitmap_name, "#0");
data/d1x-rebirth-0.58.1/main/titles.c:553:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bitmap_name[32];
data/d1x-rebirth-0.58.1/main/titles.c:565:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bitmap_name, ".bbm");
data/d1x-rebirth-0.58.1/main/titles.c:647:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[2];
data/d1x-rebirth-0.58.1/main/titles.c:877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname2[PATH_MAX], forigin[PATH_MAX];
data/d1x-rebirth-0.58.1/main/titles.c:933:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(br->screen, &Briefing_screens[br->cur_screen], sizeof(briefing_screen));
data/d1x-rebirth-0.58.1/main/vers_id.c:7:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char g_descent_version[40] = "D1X-Rebirth " DESCENT_VERSION_EXTRA;
data/d1x-rebirth-0.58.1/main/vers_id.c:8:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char g_descent_build_datetime[21] = __DATE__ " " __TIME__;
data/d1x-rebirth-0.58.1/main/vers_id.h:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char g_descent_version[40];
data/d1x-rebirth-0.58.1/main/vers_id.h:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const char g_descent_build_datetime[21];
data/d1x-rebirth-0.58.1/main/wall.c:74:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Wall_names[7][10] = {
data/d1x-rebirth-0.58.1/main/wall.h:120:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fix open; // How long it has been open.
data/d1x-rebirth-0.58.1/main/wall.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[13];
data/d1x-rebirth-0.58.1/main/wall.h:162:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char Wall_names[7][10];
data/d1x-rebirth-0.58.1/mem/mem.c:42:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char Present[MAX_INDEX];
data/d1x-rebirth-0.58.1/mem/mem.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char * Filename[MAX_INDEX];
data/d1x-rebirth-0.58.1/mem/mem.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char * Varname[MAX_INDEX];
data/d1x-rebirth-0.58.1/mem/mem.c:180:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CheckData = (ubyte *)((char *)MallocBase[block_number] + MallocSize[block_number]);
data/d1x-rebirth-0.58.1/mem/mem.c:272:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuffer, buffer, size);
data/d1x-rebirth-0.58.1/misc/args.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * Args[MAX_ARGS];
data/d1x-rebirth-0.58.1/misc/args.c:114:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ((t = FindArg(arg_name)) ? atoi(Args[t+1]) : default_value);
data/d1x-rebirth-0.58.1/misc/error.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warn_message[MAX_MSG_LEN];
data/d1x-rebirth-0.58.1/misc/error.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exit_message[MAX_MSG_LEN]="Error: "; // don't put the new line in for dialog output
data/d1x-rebirth-0.58.1/misc/error.c:89:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(warn_message,"Warning: ");
data/d1x-rebirth-0.58.1/misc/hmp.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/d1x-rebirth-0.58.1/misc/hmp.c:330:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char *)p, hmp->pending, i);
data/d1x-rebirth-0.58.1/misc/hmp.c:644:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &b, 1);
data/d1x-rebirth-0.58.1/misc/hmp.c:666:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &b, 1);
data/d1x-rebirth-0.58.1/misc/hmp.c:674:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], data, 3 + data[2]);
data/d1x-rebirth-0.58.1/misc/hmp.c:692:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &lc1, 1);
data/d1x-rebirth-0.58.1/misc/hmp.c:696:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], data + 1, 2);
data/d1x-rebirth-0.58.1/misc/hmp.c:705:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &lc1, 1);
data/d1x-rebirth-0.58.1/misc/hmp.c:709:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], data + 1, 1);
data/d1x-rebirth-0.58.1/misc/hmp.c:739:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], "MThd", 4);
data/d1x-rebirth-0.58.1/misc/hmp.c:743:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &mi, sizeof(mi));
data/d1x-rebirth-0.58.1/misc/hmp.c:747:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &ms, sizeof(ms));
data/d1x-rebirth-0.58.1/misc/hmp.c:751:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &ms, sizeof(ms));
data/d1x-rebirth-0.58.1/misc/hmp.c:755:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &ms, sizeof(ms));
data/d1x-rebirth-0.58.1/misc/hmp.c:758:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], &tempo, sizeof(tempo));
data/d1x-rebirth-0.58.1/misc/hmp.c:767:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[*midlen], "MTrk", 4);
data/d1x-rebirth-0.58.1/misc/hmp.c:775:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*midbuf)[midtrklenpos], &mi, 4);
data/d1x-rebirth-0.58.1/misc/ignorecase.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/d1x-rebirth-0.58.1/misc/ignorecase.c:173:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/a/b/c/x.txt");
data/d1x-rebirth-0.58.1/misc/ignorecase.c:178:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/a/B/c/x.txt");
data/d1x-rebirth-0.58.1/misc/ignorecase.c:183:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/a/b/C/x.txt");
data/d1x-rebirth-0.58.1/misc/ignorecase.c:188:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/a/b/c/X.txt");
data/d1x-rebirth-0.58.1/misc/ignorecase.c:193:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/a/b/c/z.txt");
data/d1x-rebirth-0.58.1/misc/ignorecase.c:198:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/A/B/Z/z.txt");
data/d1x-rebirth-0.58.1/misc/physfsx.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullPath[PATH_MAX + 5];
data/d1x-rebirth-0.58.1/misc/physfsx.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char base_dir[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ancestor[PATH_MAX + 5]; // the directory which actually exists
data/d1x-rebirth-0.58.1/misc/physfsx.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char child[PATH_MAX + 5]; // the directory relative to the above we're trying to make
data/d1x-rebirth-0.58.1/misc/physfsx.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char relname2[PATH_MAX], pathname[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char relname2[PATH_MAX], pathname[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hogname2[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old[PATH_MAX], new[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename2[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:417:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename2[PATH_MAX];
data/d1x-rebirth-0.58.1/misc/physfsx.c:464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file[2];
data/d1x-rebirth-0.58.1/misc/physfsx.c:523:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file[2];
data/d1x-rebirth-0.58.1/misc/strutil.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/d1x-rebirth-0.58.1/ui/dialog.c:57:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char SavedState[256];
data/d1x-rebirth-0.58.1/ui/dialog.c:564:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/d1x-rebirth-0.58.1/ui/dialog.c:577:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/d1x-rebirth-0.58.1/ui/file.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];
data/d1x-rebirth-0.58.1/ui/file.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char view_dir[PATH_MAX];
data/d1x-rebirth-0.58.1/ui/file.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[35];
data/d1x-rebirth-0.58.1/ui/file.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char InputText[PATH_MAX];
data/d1x-rebirth-0.58.1/ui/keypad.c:305:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/d1x-rebirth-0.58.1/ui/keypad.c:306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[100];
data/d1x-rebirth-0.58.1/ui/keypad.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line_buffer[200];
data/d1x-rebirth-0.58.1/ui/keypress.c:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * KeyDesc[256] = { \
data/d1x-rebirth-0.58.1/ui/keypress.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ctrl[10];
data/d1x-rebirth-0.58.1/ui/keypress.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Alt[10];
data/d1x-rebirth-0.58.1/ui/keypress.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Shift[10];
data/d1x-rebirth-0.58.1/ui/keypress.c:59:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( Ctrl, "{Ctrl}");
data/d1x-rebirth-0.58.1/ui/keypress.c:64:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( Alt, "{Alt}");
data/d1x-rebirth-0.58.1/ui/keypress.c:69:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( Shift, "{Shift}");
data/d1x-rebirth-0.58.1/ui/keypress.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[100];
data/d1x-rebirth-0.58.1/ui/menubar.c:763:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];
data/d1x-rebirth-0.58.1/ui/menubar.c:764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[200];
data/d1x-rebirth-0.58.1/ui/menubar.c:765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[200];
data/d1x-rebirth-0.58.1/ui/menubar.c:786:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  menu = atoi( buf1 );
data/d1x-rebirth-0.58.1/ui/menubar.c:791:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  item = atoi(buf1 );
data/d1x-rebirth-0.58.1/ui/message.c:219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * Button[10];
data/d1x-rebirth-0.58.1/ui/popup.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * Button[10];
data/d1x-rebirth-0.58.1/ui/scroll.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char up[2];
data/d1x-rebirth-0.58.1/ui/scroll.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char down[2];
data/d1x-rebirth-0.58.1/2d/font.c:989:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(open_font[fontnum].filename,fontname,FILENAME_LEN);
data/d1x-rebirth-0.58.1/2d/pcx.c:429:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p)+1;
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:147:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  empty = (fgetc(file) == EOF) ? 1 : 0;
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:155:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  empty = (fgetc(file) == EOF) ? 1 : 0;
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:208:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (prefs_name + app_name[0] + 1, SUFFIX, strlen (SUFFIX));
data/d1x-rebirth-0.58.1/arch/carbon/SDL_main.c:209:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefs_name[0] = app_name[0] + strlen (SUFFIX);
data/d1x-rebirth-0.58.1/arch/sdl/digi_mixer_music.c:67:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &filename[1 + (!strncmp(&filename[1], PHYSFS_getDirSeparator(), strlen(PHYSFS_getDirSeparator())) ?
data/d1x-rebirth-0.58.1/arch/sdl/digi_mixer_music.c:68:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(PHYSFS_getDirSeparator()) : 0)]);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:72:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(abspath, GameCfg.CMLevelMusicPath, PATH_MAX - 1);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:157:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!d_stricmp(&GameCfg.CMLevelMusicPath[strlen(GameCfg.CMLevelMusicPath) - 4], ".m3u"))
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:167:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(GameCfg.CMLevelMusicPath) >= strlen(sep))
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:167:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(GameCfg.CMLevelMusicPath) >= strlen(sep))
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:169:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = GameCfg.CMLevelMusicPath + strlen(GameCfg.CMLevelMusicPath) - strlen(sep);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:169:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = GameCfg.CMLevelMusicPath + strlen(GameCfg.CMLevelMusicPath) - strlen(sep);
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:171:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(GameCfg.CMLevelMusicPath, sep, PATH_MAX - 1 - strlen(GameCfg.CMLevelMusicPath));
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:171:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(GameCfg.CMLevelMusicPath, sep, PATH_MAX - 1 - strlen(GameCfg.CMLevelMusicPath));
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:248:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_full_filename = strlen(GameCfg.CMLevelMusicPath)+strlen(music_filename)+1;
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:248:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_full_filename = strlen(GameCfg.CMLevelMusicPath)+strlen(music_filename)+1;
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:251:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!d_stricmp(&GameCfg.CMLevelMusicPath[strlen(GameCfg.CMLevelMusicPath) - 4], ".m3u")) // if it's from an M3U playlist
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:263:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(music_filename) >= MUSIC_HUDMSG_MAXLEN) {
data/d1x-rebirth-0.58.1/arch/sdl/jukebox.c:265:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(hud_msg_buf, &music_filename[strlen(music_filename) - MUSIC_HUDMSG_MAXLEN], MUSIC_HUDMSG_MAXLEN);
data/d1x-rebirth-0.58.1/arch/sdl/key.c:332:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  offset=strlen((const char*)unibuffer);
data/d1x-rebirth-0.58.1/editor/ehostage.c:371:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(h->hostageText->text, " " );
data/d1x-rebirth-0.58.1/editor/ehostage.c:373:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  h->hostageText->position = strlen(h->hostageText->text);
data/d1x-rebirth-0.58.1/editor/group.c:1154:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(current_tmap_list[i], TmapInfo[i].filename, 13);
data/d1x-rebirth-0.58.1/editor/group.c:1425:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=1; i<strlen(f); i++ )
data/d1x-rebirth-0.58.1/editor/kgame.c:39:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=1; i<strlen(f); i++ )
data/d1x-rebirth-0.58.1/editor/medrobot.c:694:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_text, Robot_names[Cur_goody_id], strlen(Robot_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:694:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(id_text, Robot_names[Cur_goody_id], strlen(Robot_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:698:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_text, Powerup_names[Cur_goody_id], strlen(Powerup_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:698:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(id_text, Powerup_names[Cur_goody_id], strlen(Powerup_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:705:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_text, Powerup_names[Cur_goody_id], strlen(Powerup_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:705:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(id_text, Powerup_names[Cur_goody_id], strlen(Powerup_names[Cur_goody_id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:722:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(id_text, Robot_names[id], strlen(Robot_names[id]));
data/d1x-rebirth-0.58.1/editor/medrobot.c:722:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(id_text, Robot_names[id], strlen(Robot_names[id]));
data/d1x-rebirth-0.58.1/editor/mine.c:103:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(current_tmap_list[i], TmapInfo[i].filename, 13);
data/d1x-rebirth-0.58.1/editor/texpage.c:61:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=strlen(name);i<12;i++)
data/d1x-rebirth-0.58.1/iff/iff.c:1003:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p)+1;
data/d1x-rebirth-0.58.1/include/physfsx.h:75:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(s);
data/d1x-rebirth-0.58.1/include/physfsx.h:89:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(s);
data/d1x-rebirth-0.58.1/include/physfsx.h:99:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return PHYSFS_write(file, s, 1, strlen(s) + 1);
data/d1x-rebirth-0.58.1/include/physfsx.h:104:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return PHYSFS_write(file, s, 1, strlen(s));
data/d1x-rebirth-0.58.1/main/bmread.c:420:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (inputline[(l=strlen(inputline))-2]=='\\') {
data/d1x-rebirth-0.58.1/main/bmread.c:433:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(inputline) == LINEBUF_SIZE-1)
data/d1x-rebirth-0.58.1/main/bmread.c:1097:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(equal_ptr) < ROBOT_NAME_LENGTH); // Oops, name too long.
data/d1x-rebirth-0.58.1/main/bmread.c:1099:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name[strlen(name)-1] = 0;
data/d1x-rebirth-0.58.1/main/bmread.c:1705:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(equal_ptr) < POWERUP_NAME_LENGTH); // Oops, name too long.
data/d1x-rebirth-0.58.1/main/bmread.c:1707:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Powerup_names[n][strlen(Powerup_names[n])-1] = 0;
data/d1x-rebirth-0.58.1/main/config.c:153:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMLevelMusicPath, value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:159:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMMiscMusic[SONG_TITLE], value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:165:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMMiscMusic[SONG_BRIEFING], value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:171:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMMiscMusic[SONG_ENDLEVEL], value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:177:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMMiscMusic[SONG_ENDGAME], value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:183:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.CMMiscMusic[SONG_CREDITS], value, PATH_MAX );
data/d1x-rebirth-0.58.1/main/config.c:193:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.LastPlayer, value, CALLSIGN_LEN );
data/d1x-rebirth-0.58.1/main/config.c:199:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( GameCfg.LastMission, value, MISSION_NAME_LEN );
data/d1x-rebirth-0.58.1/main/console.c:45:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buffer[strlen(buffer)-1] == '\n')
data/d1x-rebirth-0.58.1/main/console.c:46:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  con_buffer[CON_LINES_MAX-1].line[strlen(buffer)-1]='\0';
data/d1x-rebirth-0.58.1/main/console.c:97:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buffer[strlen(buffer)-1] == '\n' && strlen(buffer) <= CON_LINE_LENGTH)
data/d1x-rebirth-0.58.1/main/console.c:97:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buffer[strlen(buffer)-1] == '\n' && strlen(buffer) <= CON_LINE_LENGTH)
data/d1x-rebirth-0.58.1/main/console.c:99:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer[strlen(buffer)-1]='\r';
data/d1x-rebirth-0.58.1/main/console.c:100:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer[strlen(buffer)]='\n';
data/d1x-rebirth-0.58.1/main/custom.c:74:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(filename);
data/d1x-rebirth-0.58.1/main/custom.c:75:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extlen = strlen(newext);
data/d1x-rebirth-0.58.1/main/custom.c:85:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(filename, ".");
data/d1x-rebirth-0.58.1/main/custom.c:655:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(custom_file, level_name, 63);
data/d1x-rebirth-0.58.1/main/dumpmine.c:536:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(filename);
data/d1x-rebirth-0.58.1/main/endlevel.c:1378:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p=line+strlen(line)-1;p>line && isspace(*p);*p--=0);
data/d1x-rebirth-0.58.1/main/gamecntl.c:985:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int cheatlen = strlen(cheat_codes[i].string);
data/d1x-rebirth-0.58.1/main/gamerend.c:311:5: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf (message, " ");
data/d1x-rebirth-0.58.1/main/gamesave.c:194:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(filename);
data/d1x-rebirth-0.58.1/main/gauges.c:1055:6: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(weapon_str,"V");
data/d1x-rebirth-0.58.1/main/gauges.c:1058:6: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(weapon_str,"S");break;
data/d1x-rebirth-0.58.1/main/gauges.c:1060:6: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(weapon_str,"P");break;
data/d1x-rebirth-0.58.1/main/gauges.c:1062:6: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(weapon_str,"F");break;
data/d1x-rebirth-0.58.1/main/gauges.c:2243:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name[strlen(name)-1]=0;
data/d1x-rebirth-0.58.1/main/gauges.c:2341:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( s, "Target", 6 );
data/d1x-rebirth-0.58.1/main/gauges.c:2347:8: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat( s, ", typing", 8);
data/d1x-rebirth-0.58.1/main/gauges.c:2349:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( s, "Typing", 6 );
data/d1x-rebirth-0.58.1/main/hud.c:102:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (i == startmsg && strlen(HUD_messages[i].message) > 38)
data/d1x-rebirth-0.58.1/main/inferno.c:411:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(filename, GameArg.SysPilot, 12);
data/d1x-rebirth-0.58.1/main/inferno.c:423:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(strstr(filename,".plr"),"\0");
data/d1x-rebirth-0.58.1/main/kconfig.c:412:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(btext, "");
data/d1x-rebirth-0.58.1/main/kconfig.c:416:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, key_properties[item->value].key_text, 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:418:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, mousebutton_text[item->value], 10); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:420:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, mouseaxis_text[item->value], 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:423:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(btext, joybutton_text[item->value], 10);
data/d1x-rebirth-0.58.1/main/kconfig.c:429:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(btext, joyaxis_text[item->value], 10);
data/d1x-rebirth-0.58.1/main/kconfig.c:434:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, invert_text[item->value], 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:932:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( btext, "" );
data/d1x-rebirth-0.58.1/main/kconfig.c:936:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, key_properties[item->value].key_text, 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:938:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, mousebutton_text[item->value], 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:940:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, mouseaxis_text[item->value], 10 ); break;
data/d1x-rebirth-0.58.1/main/kconfig.c:943:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(btext, joybutton_text[item->value], 10);
data/d1x-rebirth-0.58.1/main/kconfig.c:949:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(btext, joyaxis_text[item->value], 10);
data/d1x-rebirth-0.58.1/main/kconfig.c:954:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( btext, invert_text[item->value], 10 ); break;
data/d1x-rebirth-0.58.1/main/menu.c:175:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, Players[Player_num].callsign,CALLSIGN_LEN);
data/d1x-rebirth-0.58.1/main/menu.c:206:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(Players[Player_num].callsign, text, CALLSIGN_LEN);
data/d1x-rebirth-0.58.1/main/menu.c:234:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = items[citem] + strlen(items[citem]);
data/d1x-rebirth-0.58.1/main/menu.c:295:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(Players[Player_num].callsign,items[citem] + ((items[citem][0]=='$')?1:0), CALLSIGN_LEN);
data/d1x-rebirth-0.58.1/main/menu.c:332:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( Players[Player_num].callsign, "player", CALLSIGN_LEN );
data/d1x-rebirth-0.58.1/main/menu.c:338:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( Players[Player_num].callsign, GameCfg.LastPlayer, CALLSIGN_LEN );
data/d1x-rebirth-0.58.1/main/menu.c:369:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*f) > FILENAME_LEN-1 || strlen(*f) < 5) // sorry guys, can only have up to eight chars for the player name
data/d1x-rebirth-0.58.1/main/menu.c:369:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*f) > FILENAME_LEN-1 || strlen(*f) < 5) // sorry guys, can only have up to eight chars for the player name
data/d1x-rebirth-0.58.1/main/menu.c:796:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(num_text,"1");
data/d1x-rebirth-0.58.1/main/menu.c:1327:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b->list[b->num_files] = b->list[b->num_files - 1] + strlen(b->list[b->num_files - 1]) + 1;
data/d1x-rebirth-0.58.1/main/menu.c:1371:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!rval && strlen(text))
data/d1x-rebirth-0.58.1/main/menu.c:1392:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((p = strstr(&newpath[strlen(newpath) - strlen(sep)], sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1392:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((p = strstr(&newpath[strlen(newpath) - strlen(sep)], sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1396:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = newpath + strlen(newpath) - 1;
data/d1x-rebirth-0.58.1/main/menu.c:1397:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((p > newpath) && strncmp(p, sep, strlen(sep))) // make sure full separator string is matched (typically is)
data/d1x-rebirth-0.58.1/main/menu.c:1406:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (p[strlen(sep)] != '\0')
data/d1x-rebirth-0.58.1/main/menu.c:1407:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[strlen(sep)] = '\0';
data/d1x-rebirth-0.58.1/main/menu.c:1425:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(&newpath[strlen(newpath) - strlen(sep)], sep, strlen(sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1425:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(&newpath[strlen(newpath) - strlen(sep)], sep, strlen(sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1425:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(&newpath[strlen(newpath) - strlen(sep)], sep, strlen(sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1427:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(newpath, sep, PATH_MAX - 1 - strlen(newpath));
data/d1x-rebirth-0.58.1/main/menu.c:1427:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(newpath, sep, PATH_MAX - 1 - strlen(newpath));
data/d1x-rebirth-0.58.1/main/menu.c:1430:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(newpath, list[citem], PATH_MAX - 1 - strlen(newpath));
data/d1x-rebirth-0.58.1/main/menu.c:1430:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(newpath, list[citem], PATH_MAX - 1 - strlen(newpath));
data/d1x-rebirth-0.58.1/main/menu.c:1482:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (orig_path && strncmp(orig_path, sep, strlen(sep)) && PHYSFSX_exists(orig_path,0))
data/d1x-rebirth-0.58.1/main/menu.c:1500:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(b->view_path, PHYSFS_getBaseDir(), PATH_MAX - 1); // current write directory must be set to base directory
data/d1x-rebirth-0.58.1/main/menu.c:1505:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(b->view_path, orig_path, PATH_MAX - 1 - strlen(b->view_path));
data/d1x-rebirth-0.58.1/main/menu.c:1505:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(b->view_path, orig_path, PATH_MAX - 1 - strlen(b->view_path));
data/d1x-rebirth-0.58.1/main/menu.c:1510:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(b->view_path, orig_path, PATH_MAX - 1);
data/d1x-rebirth-0.58.1/main/menu.c:1514:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = b->view_path + strlen(b->view_path) - 1;
data/d1x-rebirth-0.58.1/main/menu.c:1519:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((p > b->view_path) && strncmp(p, sep, strlen(sep)))
data/d1x-rebirth-0.58.1/main/menu.c:1533:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(b->view_path, PHYSFS_getUserDir(), PATH_MAX - 1);
data/d1x-rebirth-0.58.1/main/mission.c:199:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return d_strnicmp(buf,tok,strlen(tok)) == 0;
data/d1x-rebirth-0.58.1/main/mission.c:264:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(filename2,"");
data/d1x-rebirth-0.58.1/main/mission.c:297:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = p + strlen(p)-1;
data/d1x-rebirth-0.58.1/main/mission.c:300:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p) > MISSION_NAME_LEN)
data/d1x-rebirth-0.58.1/main/mission.c:302:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mission->mission_name, p, MISSION_NAME_LEN + 1);
data/d1x-rebirth-0.58.1/main/mission.c:374:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(path) + strlen(*i) + 1 >= PATH_MAX)
data/d1x-rebirth-0.58.1/main/mission.c:374:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(path) + strlen(*i) + 1 >= PATH_MAX)
data/d1x-rebirth-0.58.1/main/mission.c:380:4: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(rel_path, "/");
data/d1x-rebirth-0.58.1/main/mission.c:484:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  add_missions_to_list(mission_list, search_str, search_str + strlen(search_str), anarchy_mode);
data/d1x-rebirth-0.58.1/main/mission.c:563:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buf,"");
data/d1x-rebirth-0.58.1/main/mission.c:578:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(buf+strlen(buf)-4,".hog"); //change extension
data/d1x-rebirth-0.58.1/main/mission.c:596:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(v) < FILENAME_LEN && strlen(v) > 0)
data/d1x-rebirth-0.58.1/main/mission.c:596:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(v) < FILENAME_LEN && strlen(v) > 0)
data/d1x-rebirth-0.58.1/main/mission.c:603:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, ".tex", sizeof(char)*FILENAME_LEN); // apply tex-extenstion
data/d1x-rebirth-0.58.1/main/mission.c:610:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, ".txb", sizeof(char)*FILENAME_LEN); // apply txb extension
data/d1x-rebirth-0.58.1/main/mission.c:621:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(v) < FILENAME_LEN && strlen(v) > 0)
data/d1x-rebirth-0.58.1/main/mission.c:621:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(v) < FILENAME_LEN && strlen(v) > 0)
data/d1x-rebirth-0.58.1/main/mission.c:628:6: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, ".tex", sizeof(char)*FILENAME_LEN); // apply tex-extenstion
data/d1x-rebirth-0.58.1/main/mission.c:635:7: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(tmp, ".txb", sizeof(char)*FILENAME_LEN); // apply txb extension
data/d1x-rebirth-0.58.1/main/mission.c:663:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) <= 12) {
data/d1x-rebirth-0.58.1/main/mission.c:705:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) <= 12) {
data/d1x-rebirth-0.58.1/main/multi.c:1067:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(feedback_result+strlen(feedback_result), "%s '%s'", TXT_TEAM, Netgame.team_name[atoi(Network_message)-1]);
data/d1x-rebirth-0.58.1/main/multi.c:1080:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(feedback_result, "\n");
data/d1x-rebirth-0.58.1/main/multi.c:1081:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(feedback_result+strlen(feedback_result), "%s '%s'", TXT_TEAM, Netgame.team_name[i]);
data/d1x-rebirth-0.58.1/main/multi.c:1093:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(feedback_result, "\n");
data/d1x-rebirth-0.58.1/main/multi.c:1094:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(feedback_result+strlen(feedback_result), "%s", Players[i].callsign);
data/d1x-rebirth-0.58.1/main/multi.c:1100:4: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(feedback_result, ".");
data/d1x-rebirth-0.58.1/main/multi.c:1104:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(feedback_result) < 200);
data/d1x-rebirth-0.58.1/main/multi.c:1195:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Network_message) > 7)
data/d1x-rebirth-0.58.1/main/multi.c:1205:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Network_message)<=name_index)
data/d1x-rebirth-0.58.1/main/multi.c:1212:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((!d_strnicmp(Players[i].callsign, &Network_message[name_index], strlen(Network_message)-name_index)) && (Players[i].connected))
data/d1x-rebirth-0.58.1/main/multi.c:1241:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Network_message) > 7)
data/d1x-rebirth-0.58.1/main/multi.c:1252:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Network_message)<=name_index)
data/d1x-rebirth-0.58.1/main/multi.c:1286:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((!d_strnicmp(Players[i].callsign, &Network_message[name_index], strlen(Network_message)-name_index)) && (i != Player_num) && (Players[i].connected)) {
data/d1x-rebirth-0.58.1/main/multi.c:1396:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  multi_message_index = strlen( Network_message );
data/d1x-rebirth-0.58.1/main/multi.c:1420:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((choice > -1) && (strlen(Network_message) > 0)) {
data/d1x-rebirth-0.58.1/main/multi.c:1499:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = strlen(mesbuf);
data/d1x-rebirth-0.58.1/main/multi.c:1520:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = strlen(mesbuf);
data/d1x-rebirth-0.58.1/main/multi.c:2574:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)multibuf+loc, Network_message, MAX_MESSAGE_LEN); loc += MAX_MESSAGE_LEN;
data/d1x-rebirth-0.58.1/main/net_udp.c:490:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iPos += strlen( sIP ) + 1;
data/d1x-rebirth-0.58.1/main/net_udp.c:925:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(menus[i+4].text) < 75);
data/d1x-rebirth-0.58.1/main/net_udp.c:3125:5: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(slevel, "1");
data/d1x-rebirth-0.58.1/main/net_udp.c:3199:2: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf( slevel, "1" ); Netgame.levelnum = 1;
data/d1x-rebirth-0.58.1/main/net_udp.c:3211:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(level_text+strlen(level_text)-1, ", S1-S%d)", -Last_secret_level);
data/d1x-rebirth-0.58.1/main/net_udp.c:3213:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(level_text+strlen(level_text)-1, ", S1)");
data/d1x-rebirth-0.58.1/main/net_udp.c:3215:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(level_text) < 32);
data/d1x-rebirth-0.58.1/main/newdemo.c:301:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nd_write_byte(strlen(str) + 1);
data/d1x-rebirth-0.58.1/main/newdemo.c:302:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newdemo_write(str, strlen(str) + 1, 1);
data/d1x-rebirth-0.58.1/main/newdemo.c:3157:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += (strlen(Players[i].callsign) + 2);
data/d1x-rebirth-0.58.1/main/newdemo.c:3202:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int num, i = strlen(filename) - 1;
data/d1x-rebirth-0.58.1/main/newdemo.c:3215:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, newfile, PATH_MAX);
data/d1x-rebirth-0.58.1/main/newdemo.c:3346:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(nd_playback_v_save_callsign, Players[Player_num].callsign, CALLSIGN_LEN);
data/d1x-rebirth-0.58.1/main/newdemo.c:3380:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(Players[Player_num].callsign, nd_playback_v_save_callsign, CALLSIGN_LEN);
data/d1x-rebirth-0.58.1/main/newmenu.c:229:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0;i<strlen(s2);i++) {
data/d1x-rebirth-0.58.1/main/newmenu.c:315:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text)>75)
data/d1x-rebirth-0.58.1/main/newmenu.c:316:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text+=strlen(text)-75;
data/d1x-rebirth-0.58.1/main/newmenu.c:366:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  item->saved_text[item->value+1+strlen(item->text)+1] = SLIDER_MARKER[0];
data/d1x-rebirth-0.58.1/main/newmenu.c:434:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen( text );
data/d1x-rebirth-0.58.1/main/newmenu.c:824:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !d_strnicmp( menu->items[menu->citem].saved_text, TXT_EMPTY, strlen(TXT_EMPTY) ) ) {
data/d1x-rebirth-0.58.1/main/newmenu.c:1006:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !d_strnicmp( item->saved_text, TXT_EMPTY, strlen(TXT_EMPTY) ) ) {
data/d1x-rebirth-0.58.1/main/newmenu.c:1058:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (item->value==-1) item->value = strlen(item->text);
data/d1x-rebirth-0.58.1/main/newmenu.c:1265:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert( strlen(menu->items[i].text) < NM_MAX_TEXT_LEN );
data/d1x-rebirth-0.58.1/main/newmenu.c:1623:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( nm_text, "" );
data/d1x-rebirth-0.58.1/main/newmenu.c:1627:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(nm_text) < MESSAGEBOX_TEXT_SIZE);
data/d1x-rebirth-0.58.1/main/newmenu.c:1650:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( nm_text, "" );
data/d1x-rebirth-0.58.1/main/newmenu.c:1654:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(nm_text) < MESSAGEBOX_TEXT_SIZE );
data/d1x-rebirth-0.58.1/main/newmenu.c:2009:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lb->marquee_maxchars && strlen(lb->item[i]) > lb->marquee_maxchars)
data/d1x-rebirth-0.58.1/main/newmenu.c:2035:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lb->marquee_charpos + lb->marquee_maxchars - 1 > strlen(lb->item[i])) // reached end of string -> scroll backward
data/d1x-rebirth-0.58.1/main/newmenu.c:2037:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lb->marquee_charpos = strlen(lb->item[i]) - lb->marquee_maxchars + 1;
data/d1x-rebirth-0.58.1/main/newmenu.c:2190:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(nm_text) < MESSAGEBOX_TEXT_SIZE );
data/d1x-rebirth-0.58.1/main/piggy.c:153:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( name, AllBitmaps[i].name, 12 );
data/d1x-rebirth-0.58.1/main/piggy.c:170:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( AllBitmaps[Num_bitmap_files].name, name, 12 );
data/d1x-rebirth-0.58.1/main/piggy.c:188:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( AllSounds[Num_sound_files].name, name, 12 );
data/d1x-rebirth-0.58.1/main/playsave.c:477:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strcmp(word,"key") && strlen(line)>10){
data/d1x-rebirth-0.58.1/main/playsave.c:589:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tempfile[strlen(tempfile)-4]=0;
data/d1x-rebirth-0.58.1/main/playsave.c:867:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename[strlen(filename) - 4] = 0;
data/d1x-rebirth-0.58.1/main/playsave.c:931:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Current_mission_filename)==0 ) {
data/d1x-rebirth-0.58.1/main/playsave.c:1075:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( ng->game_name, value, NETGAME_NAME_LEN+1 );
data/d1x-rebirth-0.58.1/main/polyobj.c:675:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(filename) <= 12);
data/d1x-rebirth-0.58.1/main/scores.c:147:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(buffer);
data/d1x-rebirth-0.58.1/main/scores.c:235:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( text1, "" );
data/d1x-rebirth-0.58.1/main/scores.c:239:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( scores.cool_saying, text1, COOL_MESSAGE_LEN );
data/d1x-rebirth-0.58.1/main/scores.c:240:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(scores.cool_saying)<1)
data/d1x-rebirth-0.58.1/main/scores.c:301:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(stats->name)==0) {
data/d1x-rebirth-0.58.1/main/songs.c:94:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(BIMSongs[SONG_TITLE].filename, "descent.hmp",sizeof(BIMSongs[SONG_TITLE].filename));
data/d1x-rebirth-0.58.1/main/songs.c:95:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(BIMSongs[SONG_BRIEFING].filename, "briefing.hmp",sizeof(BIMSongs[SONG_BRIEFING].filename));
data/d1x-rebirth-0.58.1/main/songs.c:96:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(BIMSongs[SONG_CREDITS].filename, "credits.hmp",sizeof(BIMSongs[SONG_CREDITS].filename));
data/d1x-rebirth-0.58.1/main/songs.c:97:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(BIMSongs[SONG_ENDLEVEL].filename, "endlevel.hmp",sizeof(BIMSongs[SONG_ENDLEVEL].filename)); // can't find it? give a warning
data/d1x-rebirth-0.58.1/main/songs.c:98:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(BIMSongs[SONG_ENDGAME].filename, "endgame.hmp",sizeof(BIMSongs[SONG_ENDGAME].filename)); // ditto
data/d1x-rebirth-0.58.1/main/songs.c:116:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( inputline ) )
data/d1x-rebirth-0.58.1/main/songs.c:120:5: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( inputline, "%15s", BIMSongs[i].filename );
data/d1x-rebirth-0.58.1/main/songs.c:359:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (Song_playing >= SONG_FIRST_LEVEL_SONG && songnum == SONG_ENDLEVEL && !strlen(GameCfg.CMMiscMusic[songnum]))
data/d1x-rebirth-0.58.1/main/state.c:692:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( desc, sg_name, DESC_LENGTH );
data/d1x-rebirth-0.58.1/main/text.c:296:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(Text_string[i], '\0', sizeof(char)*(strlen(Text_string[i])+1));
data/d1x-rebirth-0.58.1/main/text.c:297:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(Text_string[i], "SPREAD", sizeof(char)*6);
data/d1x-rebirth-0.58.1/main/text.c:303:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = d_malloc(strlen(Text_string[i]) + strlen(extra) + 1);
data/d1x-rebirth-0.58.1/main/text.c:303:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = d_malloc(strlen(Text_string[i]) + strlen(extra) + 1);
data/d1x-rebirth-0.58.1/main/titles.c:336:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(br->background_name, DEFAULT_BRIEFING_BKG, sizeof(br->background_name));
data/d1x-rebirth-0.58.1/main/titles.c:379:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && **message == ' ')
data/d1x-rebirth-0.58.1/main/titles.c:382:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && (**message >= '0') && (**message <= '9')) {
data/d1x-rebirth-0.58.1/main/titles.c:387:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && *(*message)++ != 10) // Get and drop eoln
data/d1x-rebirth-0.58.1/main/titles.c:395:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && **message == ' ')
data/d1x-rebirth-0.58.1/main/titles.c:398:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && (**message != ' ') && (**message != 10)) {
data/d1x-rebirth-0.58.1/main/titles.c:405:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(*message) > 0 && *(*message)++ != 10) // Get and drop eoln
data/d1x-rebirth-0.58.1/main/titles.c:892:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is low because the source is a constant string.
  strncat(fname2, "h.pcx", sizeof(char)*PATH_MAX);
data/d1x-rebirth-0.58.1/main/titles.c:899:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (br->background_name,fname2, sizeof(br->background_name));
data/d1x-rebirth-0.58.1/main/titles.c:1165:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(filename))
data/d1x-rebirth-0.58.1/misc/args.c:61:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prefixlen = strlen(prefix);
data/d1x-rebirth-0.58.1/misc/error.c:71:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vsprintf(exit_message+strlen(exit_message),fmt,arglist);
data/d1x-rebirth-0.58.1/misc/error.c:92:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vsprintf(warn_message+strlen(warn_message),fmt,arglist);
data/d1x-rebirth-0.58.1/misc/physfsx.c:50:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (base_dir[strlen(base_dir) - 1] == ':')
data/d1x-rebirth-0.58.1/misc/physfsx.c:51:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  base_dir[strlen(base_dir) - 1] = '\0';
data/d1x-rebirth-0.58.1/misc/physfsx.c:77:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(fullPath, path, PATH_MAX + 5 - strlen(home));
data/d1x-rebirth-0.58.1/misc/physfsx.c:77:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fullPath, path, PATH_MAX + 5 - strlen(home));
data/d1x-rebirth-0.58.1/misc/physfsx.c:80:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fullPath, path, PATH_MAX + 5);
data/d1x-rebirth-0.58.1/misc/physfsx.c:103:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(child, fullPath + strlen(ancestor));
data/d1x-rebirth-0.58.1/misc/physfsx.c:149:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fullPath, "/Contents/Resources/", PATH_MAX + 4 - strlen(fullPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:149:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(fullPath, "/Contents/Resources/", PATH_MAX + 4 - strlen(fullPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:157:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  base_dir[strlen(base_dir)] = ':'; // go back in the bundle
data/d1x-rebirth-0.58.1/misc/physfsx.c:158:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  base_dir[strlen(base_dir)] = ':'; // go back in 'Contents'
data/d1x-rebirth-0.58.1/misc/physfsx.c:159:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(base_dir, ":Resources:", PATH_MAX - 1 - strlen(base_dir));
data/d1x-rebirth-0.58.1/misc/physfsx.c:159:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(base_dir, ":Resources:", PATH_MAX - 1 - strlen(base_dir));
data/d1x-rebirth-0.58.1/misc/physfsx.c:264:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(realPath, realDir, PATH_MAX - 1);
data/d1x-rebirth-0.58.1/misc/physfsx.c:265:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(realPath) >= strlen(sep))
data/d1x-rebirth-0.58.1/misc/physfsx.c:265:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(realPath) >= strlen(sep))
data/d1x-rebirth-0.58.1/misc/physfsx.c:267:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = realPath + strlen(realPath) - strlen(sep);
data/d1x-rebirth-0.58.1/misc/physfsx.c:267:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = realPath + strlen(realPath) - strlen(sep);
data/d1x-rebirth-0.58.1/misc/physfsx.c:269:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(realPath, sep, PATH_MAX - 1 - strlen(realPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:269:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(realPath, sep, PATH_MAX - 1 - strlen(realPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:272:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(stdPath) >= 1)
data/d1x-rebirth-0.58.1/misc/physfsx.c:279:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(realPath, sep, PATH_MAX - 1 - strlen(realPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:279:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(realPath, sep, PATH_MAX - 1 - strlen(realPath));
data/d1x-rebirth-0.58.1/misc/physfsx.c:282:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(realPath) < PATH_MAX - 2)
data/d1x-rebirth-0.58.1/misc/physfsx.c:284:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = realPath + strlen(realPath);
data/d1x-rebirth-0.58.1/misc/strutil.c:42:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assert(strlen(buf) < 1024);
data/d1x-rebirth-0.58.1/misc/strutil.c:45:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out_string, buf, size);
data/d1x-rebirth-0.58.1/misc/strutil.c:53:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = malloc(strlen(str) + 1);
data/d1x-rebirth-0.58.1/misc/strutil.c:120:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t = s1 + strlen(s1) - 1;
data/d1x-rebirth-0.58.1/misc/strutil.c:133:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = d_malloc(strlen(str) + 1);
data/d1x-rebirth-0.58.1/misc/strutil.c:146:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, filename, p - filename);
data/d1x-rebirth-0.58.1/misc/strutil.c:166:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dest) > FILENAME_LEN - 5)
data/d1x-rebirth-0.58.1/misc/strutil.c:169:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = dest + strlen(dest);
data/d1x-rebirth-0.58.1/misc/strutil.c:251:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *next_str = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 : *list_buf;
data/d1x-rebirth-0.58.1/misc/strutil.c:263:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (next_str + strlen(str) + 1 - *list_buf >= *max_buf)
data/d1x-rebirth-0.58.1/misc/strutil.c:278:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  next_str = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 : *list_buf;
data/d1x-rebirth-0.58.1/misc/strutil.c:305:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = *num_str ? (*list)[*num_str - 1] + strlen((*list)[*num_str - 1]) + 1 - *list_buf : 1; // buffer size - a bit of variable recycling
data/d1x-rebirth-0.58.1/ui/button.c:112:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MALLOC( button->text, char, strlen(text)+1 );
data/d1x-rebirth-0.58.1/ui/checkbox.c:71:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  checkbox->text = d_malloc(strlen(text) + 5);
data/d1x-rebirth-0.58.1/ui/file.c:48:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(path, "/", PATH_MAX - strlen(dir));
data/d1x-rebirth-0.58.1/ui/file.c:48:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, "/", PATH_MAX - strlen(dir));
data/d1x-rebirth-0.58.1/ui/file.c:50:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test_filename = path + strlen(path);
data/d1x-rebirth-0.58.1/ui/file.c:55:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*i) >= test_max)
data/d1x-rebirth-0.58.1/ui/file.c:177:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(b->filename, b->view_dir, PATH_MAX);
data/d1x-rebirth-0.58.1/ui/file.c:194:4: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(b->filename, "/", PATH_MAX - strlen(b->filename));
data/d1x-rebirth-0.58.1/ui/file.c:194:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(b->filename, "/", PATH_MAX - strlen(b->filename));
data/d1x-rebirth-0.58.1/ui/file.c:195:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(b->filename, p, PATH_MAX - strlen(b->filename));
data/d1x-rebirth-0.58.1/ui/file.c:195:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(b->filename, p, PATH_MAX - strlen(b->filename));
data/d1x-rebirth-0.58.1/ui/file.c:223:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (b->filename[strlen(b->filename) - 1] == '/') // user typed a separator on the end
data/d1x-rebirth-0.58.1/ui/file.c:224:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b->filename[strlen(b->filename) - 1] = 0;
data/d1x-rebirth-0.58.1/ui/file.c:285:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(b->view_dir, "");
data/d1x-rebirth-0.58.1/ui/icon.c:113:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MALLOC( icon->text, char, strlen( text )+2);//Hack by KRB
data/d1x-rebirth-0.58.1/ui/inputbox.c:31:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (n=strlen(s)-p; n>=0; n-- )
data/d1x-rebirth-0.58.1/ui/inputbox.c:98:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( inputbox->text, text, length );
data/d1x-rebirth-0.58.1/ui/inputbox.c:99:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inputbox->position = strlen(inputbox->text);
data/d1x-rebirth-0.58.1/ui/inputbox.c:179:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(inputbox->text, text, inputbox->length + 1);
data/d1x-rebirth-0.58.1/ui/inputbox.c:180:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inputbox->position = strlen(text);
data/d1x-rebirth-0.58.1/ui/keypad.c:340:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( KeyPad[n]->description, buffer, 100 );
data/d1x-rebirth-0.58.1/ui/keypress.c:61:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( Ctrl, "");
data/d1x-rebirth-0.58.1/ui/keypress.c:66:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( Alt, "");
data/d1x-rebirth-0.58.1/ui/keypress.c:71:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( Shift, "");
data/d1x-rebirth-0.58.1/ui/keypress.c:90:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(KeyDesc[i])>0 && strstr(text, KeyDesc[i]) )
data/d1x-rebirth-0.58.1/ui/keypress.c:146:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(k.text, "");
data/d1x-rebirth-0.58.1/ui/menubar.c:808:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<=strlen(Menu[menu].Item[item].Text); i++ )
data/d1x-rebirth-0.58.1/ui/menubar.c:828:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf1))
data/d1x-rebirth-0.58.1/utilities/extractD1Data.cpp:110:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  installer.read(chaos_hog_buffer, CHAOS_HOG_SIZE);
data/d1x-rebirth-0.58.1/utilities/extractD1Data.cpp:116:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  installer.read(chaos_msn_rez_buffer, CHAOS_MSN_REZ_SIZE);
data/d1x-rebirth-0.58.1/utilities/extractD1Data.cpp:122:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  installer.read(chaos_msn_buffer, CHAOS_MSN_SIZE);
data/d1x-rebirth-0.58.1/utilities/extractD1Data.cpp:128:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  installer.read(descent_hog_buffer, DESCENT_HOG_SIZE);
data/d1x-rebirth-0.58.1/utilities/extractD1Data.cpp:134:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  installer.read(descent_pig_buffer, DESCENT_PIG_SIZE);

ANALYSIS SUMMARY:

Hits = 1512
Lines analyzed = 135148 in approximately 3.04 seconds (44470 lines/second)
Physical Source Lines of Code (SLOC) = 95765
Hits@level = [0] 156 [1] 307 [2] 868 [3] 10 [4] 326 [5] 1
Hits@level+ = [0+] 1668 [1+] 1512 [2+] 1205 [3+] 337 [4+] 327 [5+] 1
Hits/KSLOC@level+ = [0+] 17.4176 [1+] 15.7886 [2+] 12.5829 [3+] 3.51903 [4+] 3.41461 [5+] 0.0104422
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.