Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/darkplaces-0~20180908~beta1/zone.h
Examining data/darkplaces-0~20180908~beta1/zone.c
Examining data/darkplaces-0~20180908~beta1/world.h
Examining data/darkplaces-0~20180908~beta1/wad.h
Examining data/darkplaces-0~20180908~beta1/wad.c
Examining data/darkplaces-0~20180908~beta1/view.c
Examining data/darkplaces-0~20180908~beta1/vid_sdl.c
Examining data/darkplaces-0~20180908~beta1/vid_null.c
Examining data/darkplaces-0~20180908~beta1/vid.h
Examining data/darkplaces-0~20180908~beta1/utf8lib.h
Examining data/darkplaces-0~20180908~beta1/utf8lib.c
Examining data/darkplaces-0~20180908~beta1/timing.h
Examining data/darkplaces-0~20180908~beta1/thread_win.c
Examining data/darkplaces-0~20180908~beta1/thread_sdl.c
Examining data/darkplaces-0~20180908~beta1/thread_pthread.c
Examining data/darkplaces-0~20180908~beta1/thread_null.c
Examining data/darkplaces-0~20180908~beta1/thread.h
Examining data/darkplaces-0~20180908~beta1/sys_win.c
Examining data/darkplaces-0~20180908~beta1/sys_sdl.c
Examining data/darkplaces-0~20180908~beta1/sys_linux.c
Examining data/darkplaces-0~20180908~beta1/svbsp.h
Examining data/darkplaces-0~20180908~beta1/svbsp.c
Examining data/darkplaces-0~20180908~beta1/sv_user.c
Examining data/darkplaces-0~20180908~beta1/sv_phys.c
Examining data/darkplaces-0~20180908~beta1/sv_move.c
Examining data/darkplaces-0~20180908~beta1/sv_main.c
Examining data/darkplaces-0~20180908~beta1/sv_demo.h
Examining data/darkplaces-0~20180908~beta1/sv_demo.c
Examining data/darkplaces-0~20180908~beta1/spritegn.h
Examining data/darkplaces-0~20180908~beta1/sound.h
Examining data/darkplaces-0~20180908~beta1/snd_wav.h
Examining data/darkplaces-0~20180908~beta1/snd_wav.c
Examining data/darkplaces-0~20180908~beta1/snd_oss.c
Examining data/darkplaces-0~20180908~beta1/snd_ogg.h
Examining data/darkplaces-0~20180908~beta1/snd_ogg.c
Examining data/darkplaces-0~20180908~beta1/snd_null.c
Examining data/darkplaces-0~20180908~beta1/snd_mix.c
Examining data/darkplaces-0~20180908~beta1/snd_mem.c
Examining data/darkplaces-0~20180908~beta1/snd_main.h
Examining data/darkplaces-0~20180908~beta1/server.h
Examining data/darkplaces-0~20180908~beta1/screen.h
Examining data/darkplaces-0~20180908~beta1/sbar.h
Examining data/darkplaces-0~20180908~beta1/resource.h
Examining data/darkplaces-0~20180908~beta1/r_textures.h
Examining data/darkplaces-0~20180908~beta1/r_sprites.c
Examining data/darkplaces-0~20180908~beta1/r_sky.c
Examining data/darkplaces-0~20180908~beta1/r_shadow.h
Examining data/darkplaces-0~20180908~beta1/r_shadow.c
Examining data/darkplaces-0~20180908~beta1/r_modules.h
Examining data/darkplaces-0~20180908~beta1/r_modules.c
Examining data/darkplaces-0~20180908~beta1/r_lightning.c
Examining data/darkplaces-0~20180908~beta1/r_lerpanim.h
Examining data/darkplaces-0~20180908~beta1/r_lerpanim.c
Examining data/darkplaces-0~20180908~beta1/r_explosion.c
Examining data/darkplaces-0~20180908~beta1/quakedef.h
Examining data/darkplaces-0~20180908~beta1/qtypes.h
Examining data/darkplaces-0~20180908~beta1/prvm_offsets.h
Examining data/darkplaces-0~20180908~beta1/prvm_execprogram.h
Examining data/darkplaces-0~20180908~beta1/prvm_exec.c
Examining data/darkplaces-0~20180908~beta1/prvm_cmds.h
Examining data/darkplaces-0~20180908~beta1/protocol.c
Examining data/darkplaces-0~20180908~beta1/progs.h
Examining data/darkplaces-0~20180908~beta1/progdefs.h
Examining data/darkplaces-0~20180908~beta1/pr_comp.h
Examining data/darkplaces-0~20180908~beta1/portals.h
Examining data/darkplaces-0~20180908~beta1/portals.c
Examining data/darkplaces-0~20180908~beta1/polygon.h
Examining data/darkplaces-0~20180908~beta1/polygon.c
Examining data/darkplaces-0~20180908~beta1/palette.h
Examining data/darkplaces-0~20180908~beta1/palette.c
Examining data/darkplaces-0~20180908~beta1/netconn.h
Examining data/darkplaces-0~20180908~beta1/mvm_cmds.c
Examining data/darkplaces-0~20180908~beta1/mprogdefs.h
Examining data/darkplaces-0~20180908~beta1/modelgen.h
Examining data/darkplaces-0~20180908~beta1/model_zymotic.h
Examining data/darkplaces-0~20180908~beta1/model_sprite.h
Examining data/darkplaces-0~20180908~beta1/model_sprite.c
Examining data/darkplaces-0~20180908~beta1/model_shared.h
Examining data/darkplaces-0~20180908~beta1/model_psk.h
Examining data/darkplaces-0~20180908~beta1/model_iqm.h
Examining data/darkplaces-0~20180908~beta1/model_dpmodel.h
Examining data/darkplaces-0~20180908~beta1/model_brush.h
Examining data/darkplaces-0~20180908~beta1/model_brush.c
Examining data/darkplaces-0~20180908~beta1/model_alias.h
Examining data/darkplaces-0~20180908~beta1/model_alias.c
Examining data/darkplaces-0~20180908~beta1/mod_skeletal_animatevertices_sse.h
Examining data/darkplaces-0~20180908~beta1/mod_skeletal_animatevertices_sse.c
Examining data/darkplaces-0~20180908~beta1/mod_skeletal_animatevertices_generic.h
Examining data/darkplaces-0~20180908~beta1/mod_skeletal_animatevertices_generic.c
Examining data/darkplaces-0~20180908~beta1/meshqueue.h
Examining data/darkplaces-0~20180908~beta1/meshqueue.c
Examining data/darkplaces-0~20180908~beta1/menu.h
Examining data/darkplaces-0~20180908~beta1/mdfour.h
Examining data/darkplaces-0~20180908~beta1/mdfour.c
Examining data/darkplaces-0~20180908~beta1/matrixlib.h
Examining data/darkplaces-0~20180908~beta1/matrixlib.c
Examining data/darkplaces-0~20180908~beta1/mathlib.h
Examining data/darkplaces-0~20180908~beta1/mathlib.c
Examining data/darkplaces-0~20180908~beta1/libcurl.h
Examining data/darkplaces-0~20180908~beta1/lhnet.h
Examining data/darkplaces-0~20180908~beta1/lhnet.c
Examining data/darkplaces-0~20180908~beta1/lhfont.h
Examining data/darkplaces-0~20180908~beta1/keysym2ucs.c
Examining data/darkplaces-0~20180908~beta1/keys.h
Examining data/darkplaces-0~20180908~beta1/keys.c
Examining data/darkplaces-0~20180908~beta1/jpeg.h
Examining data/darkplaces-0~20180908~beta1/jpeg.c
Examining data/darkplaces-0~20180908~beta1/intoverflow.h
Examining data/darkplaces-0~20180908~beta1/input.h
Examining data/darkplaces-0~20180908~beta1/image.h
Examining data/darkplaces-0~20180908~beta1/image.c
Examining data/darkplaces-0~20180908~beta1/host_cmd.c
Examining data/darkplaces-0~20180908~beta1/hmac.h
Examining data/darkplaces-0~20180908~beta1/hmac.c
Examining data/darkplaces-0~20180908~beta1/glquake.h
Examining data/darkplaces-0~20180908~beta1/gl_rsurf.c
Examining data/darkplaces-0~20180908~beta1/gl_backend.h
Examining data/darkplaces-0~20180908~beta1/ft2_fontdefs.h
Examining data/darkplaces-0~20180908~beta1/ft2_defs.h
Examining data/darkplaces-0~20180908~beta1/ft2.h
Examining data/darkplaces-0~20180908~beta1/fs.h
Examining data/darkplaces-0~20180908~beta1/fs.c
Examining data/darkplaces-0~20180908~beta1/fractalnoise.c
Examining data/darkplaces-0~20180908~beta1/filematch.c
Examining data/darkplaces-0~20180908~beta1/draw.h
Examining data/darkplaces-0~20180908~beta1/dpvsimpledecode.h
Examining data/darkplaces-0~20180908~beta1/dpvsimpledecode.c
Examining data/darkplaces-0~20180908~beta1/cvar.h
Examining data/darkplaces-0~20180908~beta1/cvar.c
Examining data/darkplaces-0~20180908~beta1/curves.h
Examining data/darkplaces-0~20180908~beta1/csprogs.h
Examining data/darkplaces-0~20180908~beta1/crypto.h
Examining data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c
Examining data/darkplaces-0~20180908~beta1/console.h
Examining data/darkplaces-0~20180908~beta1/console.c
Examining data/darkplaces-0~20180908~beta1/conproc.h
Examining data/darkplaces-0~20180908~beta1/conproc.c
Examining data/darkplaces-0~20180908~beta1/common.h
Examining data/darkplaces-0~20180908~beta1/collision.h
Examining data/darkplaces-0~20180908~beta1/collision.c
Examining data/darkplaces-0~20180908~beta1/cmd.h
Examining data/darkplaces-0~20180908~beta1/clvm_cmds.h
Examining data/darkplaces-0~20180908~beta1/clprogdefs.h
Examining data/darkplaces-0~20180908~beta1/client.h
Examining data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c
Examining data/darkplaces-0~20180908~beta1/cl_video.h
Examining data/darkplaces-0~20180908~beta1/cl_video.c
Examining data/darkplaces-0~20180908~beta1/cl_screen.h
Examining data/darkplaces-0~20180908~beta1/cl_screen.c
Examining data/darkplaces-0~20180908~beta1/cl_particles.c
Examining data/darkplaces-0~20180908~beta1/cl_input.c
Examining data/darkplaces-0~20180908~beta1/cl_demo.c
Examining data/darkplaces-0~20180908~beta1/cl_collision.h
Examining data/darkplaces-0~20180908~beta1/cl_collision.c
Examining data/darkplaces-0~20180908~beta1/cap_ogg.h
Examining data/darkplaces-0~20180908~beta1/cap_avi.h
Examining data/darkplaces-0~20180908~beta1/cap_avi.c
Examining data/darkplaces-0~20180908~beta1/builddate.c
Examining data/darkplaces-0~20180908~beta1/bspfile.h
Examining data/darkplaces-0~20180908~beta1/bih.h
Examining data/darkplaces-0~20180908~beta1/bih.c
Examining data/darkplaces-0~20180908~beta1/SDLMain.h
Examining data/darkplaces-0~20180908~beta1/cl_parse.c
Examining data/darkplaces-0~20180908~beta1/host.c
Examining data/darkplaces-0~20180908~beta1/snd_main.c
Examining data/darkplaces-0~20180908~beta1/cd_shared.c
Examining data/darkplaces-0~20180908~beta1/cdaudio.h
Examining data/darkplaces-0~20180908~beta1/model_shared.c
Examining data/darkplaces-0~20180908~beta1/common.c
Examining data/darkplaces-0~20180908~beta1/snd_sdl.c
Examining data/darkplaces-0~20180908~beta1/gl_backend.c
Examining data/darkplaces-0~20180908~beta1/render.h
Examining data/darkplaces-0~20180908~beta1/shader_glsl.h
Examining data/darkplaces-0~20180908~beta1/cl_main.c
Examining data/darkplaces-0~20180908~beta1/csprogs.c
Examining data/darkplaces-0~20180908~beta1/protocol.h
Examining data/darkplaces-0~20180908~beta1/cap_ogg.c
Examining data/darkplaces-0~20180908~beta1/image_png.h
Examining data/darkplaces-0~20180908~beta1/image_png.c
Examining data/darkplaces-0~20180908~beta1/libcurl.c
Examining data/darkplaces-0~20180908~beta1/ft2.c
Examining data/darkplaces-0~20180908~beta1/crypto.c
Examining data/darkplaces-0~20180908~beta1/cl_video_libavw.c
Examining data/darkplaces-0~20180908~beta1/sys_shared.c
Examining data/darkplaces-0~20180908~beta1/clvm_cmds.c
Examining data/darkplaces-0~20180908~beta1/cmd.c
Examining data/darkplaces-0~20180908~beta1/curves.c
Examining data/darkplaces-0~20180908~beta1/gl_draw.c
Examining data/darkplaces-0~20180908~beta1/gl_textures.c
Examining data/darkplaces-0~20180908~beta1/menu.c
Examining data/darkplaces-0~20180908~beta1/netconn.c
Examining data/darkplaces-0~20180908~beta1/progsvm.h
Examining data/darkplaces-0~20180908~beta1/prvm_cmds.c
Examining data/darkplaces-0~20180908~beta1/prvm_edict.c
Examining data/darkplaces-0~20180908~beta1/sbar.c
Examining data/darkplaces-0~20180908~beta1/svvm_cmds.c
Examining data/darkplaces-0~20180908~beta1/sys.h
Examining data/darkplaces-0~20180908~beta1/vid_shared.c
Examining data/darkplaces-0~20180908~beta1/world.c
Examining data/darkplaces-0~20180908~beta1/gl_rmain.c
FINAL RESULTS:
data/darkplaces-0~20180908~beta1/sys_shared.c:500:6: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/curproc/file", exenamebuf, sizeof(exenamebuf)-1);
data/darkplaces-0~20180908~beta1/sys_shared.c:502:6: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/self/exe", exenamebuf, sizeof(exenamebuf)-1);
data/darkplaces-0~20180908~beta1/cl_parse.c:433:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/cl_particles.c:1767:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/cl_screen.c:2412:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/common.c:1674:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef snprintf
data/darkplaces-0~20180908~beta1/common.c:1675:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef vsnprintf
data/darkplaces-0~20180908~beta1/common.c:1678:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/darkplaces-0~20180908~beta1/common.c:1678:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/darkplaces-0~20180908~beta1/common.c:1679:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/darkplaces-0~20180908~beta1/common.c:1703:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = vsnprintf (buffer, buffersize, format, args);
data/darkplaces-0~20180908~beta1/common.h:221:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifdef snprintf
data/darkplaces-0~20180908~beta1/common.h:222:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# undef snprintf
data/darkplaces-0~20180908~beta1/common.h:224:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf DO_NOT_USE_SNPRINTF__USE_DPSNPRINTF
data/darkplaces-0~20180908~beta1/common.h:225:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifdef vsnprintf
data/darkplaces-0~20180908~beta1/common.h:226:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# undef vsnprintf
data/darkplaces-0~20180908~beta1/common.h:228:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf DO_NOT_USE_VSNPRINTF__USE_DPVSNPRINTF
data/darkplaces-0~20180908~beta1/common.h:239:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#undef strcat
data/darkplaces-0~20180908~beta1/common.h:240:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define strcat DO_NOT_USE_STRCAT__USE_STRLCAT_OR_MEMCPY
data/darkplaces-0~20180908~beta1/common.h:243:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#undef strcpy
data/darkplaces-0~20180908~beta1/common.h:244:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy DO_NOT_USE_STRCPY__USE_STRLCPY_OR_MEMCPY
data/darkplaces-0~20180908~beta1/fs.c:1991:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(va(vabuf, sizeof(vabuf), "%s%s/", userdir, gamedirname1), W_OK | X_OK) >= 0)
data/darkplaces-0~20180908~beta1/gl_rmain.c:5318:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/glquake.h:669:66: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
extern GLvoid* (GLAPIENTRY *qglMapBuffer) (GLenum target, GLenum access);
data/darkplaces-0~20180908~beta1/lhnet.c:51:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Con_Print printf
data/darkplaces-0~20180908~beta1/lhnet.c:52:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Con_Printf printf
data/darkplaces-0~20180908~beta1/lhnet.c:290:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/lhnet.c:426:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/model_brush.c:5227:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/quakedef.h:30:51: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DP_FUNC_PRINTF(n) __attribute__ ((format (printf, n, n+1)))
data/darkplaces-0~20180908~beta1/r_shadow.c:4888:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/vid_shared.c:228:59: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLvoid* (GLAPIENTRY *qglMapBuffer) (GLenum target, GLenum access);
data/darkplaces-0~20180908~beta1/vid_shared.c:407:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define sscanf sscanf_s
data/darkplaces-0~20180908~beta1/cl_demo.c:605:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0); // predictable random sequence for benchmarking
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:301:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "d:s:p:P:i:I:j:J:o:O:c:b:x:X:y:Fn:C0")) != -1)
data/darkplaces-0~20180908~beta1/fs.c:1888:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("USERPROFILE");
data/darkplaces-0~20180908~beta1/fs.c:1944:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/darkplaces-0~20180908~beta1/fs.c:1952:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/darkplaces-0~20180908~beta1/host.c:1171:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0); // predictable random sequence for -benchmark
data/darkplaces-0~20180908~beta1/host.c:1173:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)time(NULL));
data/darkplaces-0~20180908~beta1/image.c:1816:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double random;
data/darkplaces-0~20180908~beta1/image.c:1827:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 2] = 83 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1828:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 1] = 71 + (unsigned char)(random * 32);
data/darkplaces-0~20180908~beta1/image.c:1829:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 0] = 23 + (unsigned char)(random * 16);
data/darkplaces-0~20180908~beta1/image.c:1836:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 2] = 95 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1837:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 1] = 95 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1838:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 0] = 95 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1845:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 2] = 83 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1846:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 1] = 71 + (unsigned char)(random * 32);
data/darkplaces-0~20180908~beta1/image.c:1847:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 0] = 23 + (unsigned char)(random * 16);
data/darkplaces-0~20180908~beta1/image.c:1854:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 2] = 96 + (unsigned char)(random * 64);
data/darkplaces-0~20180908~beta1/image.c:1855:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 1] = 43 + (unsigned char)(random * 32);
data/darkplaces-0~20180908~beta1/image.c:1856:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
data[i * 4 + 0] = 27 + (unsigned char)(random * 32);
data/darkplaces-0~20180908~beta1/snd_main.c:555:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("QUAKE_SOUND_CHANNELS");
data/darkplaces-0~20180908~beta1/snd_main.c:568:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("QUAKE_SOUND_SPEED");
data/darkplaces-0~20180908~beta1/snd_main.c:581:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("QUAKE_SOUND_SAMPLEBITS");
data/darkplaces-0~20180908~beta1/sv_main.c:3393:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(sv_random_seed.integer);
data/darkplaces-0~20180908~beta1/sys_shared.c:158:15: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dllhandle = LoadLibrary (dllnames[i]);
data/darkplaces-0~20180908~beta1/sys_shared.c:183:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
dllhandle = LoadLibrary (temp);
data/darkplaces-0~20180908~beta1/sys_shared.c:512:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return Sys_FindInPATH(com_argv[0], '/', getenv("PATH"), ':', exenamebuf, sizeof(exenamebuf));
data/darkplaces-0~20180908~beta1/zone.c:118:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tmpdir = getenv("TEMP");
data/darkplaces-0~20180908~beta1/bih.c:111:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(leaflist + front, bih->leafsortscratch, back*sizeof(leaflist[0]));
data/darkplaces-0~20180908~beta1/cap_avi.c:23:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char riffbufferdata[128];
data/darkplaces-0~20180908~beta1/cap_avi.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *riffstackfourcc[4];
data/darkplaces-0~20180908~beta1/cap_avi.c:137:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sizebytes[4];
data/darkplaces-0~20180908~beta1/cap_avi.c:181:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, olddata, oldsize);
data/darkplaces-0~20180908~beta1/cap_avi.c:456:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufstereo16le[PAINTBUFFER_SIZE * 4];
data/darkplaces-0~20180908~beta1/cap_avi.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cap_ogg.c:123:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[282]; /* working space for header encode */
data/darkplaces-0~20180908~beta1/cap_ogg.c:690:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[65307];
data/darkplaces-0~20180908~beta1/cap_ogg.c:739:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format->videopage.data, pg.header, pg.header_len);
data/darkplaces-0~20180908~beta1/cap_ogg.c:740:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format->videopage.data + pg.header_len, pg.body, pg.body_len);
data/darkplaces-0~20180908~beta1/cap_ogg.c:749:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format->audiopage.data, pg.header, pg.header_len);
data/darkplaces-0~20180908~beta1/cap_ogg.c:750:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format->audiopage.data + pg.header_len, pg.body, pg.body_len);
data/darkplaces-0~20180908~beta1/cap_ogg.c:998:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cd_shared.c:92:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char filename_t[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cd_shared.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cd_shared.c:132:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
track = (unsigned int) atoi(trackname);
data/darkplaces-0~20180908~beta1/cd_shared.c:141:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
track = (unsigned int) atoi(trackname);
data/darkplaces-0~20180908~beta1/cd_shared.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/darkplaces-0~20180908~beta1/cd_shared.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trackname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_demo.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_demo.c:170:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
while(startoffset < *filesize && ((char *)(*buf))[startoffset] != '\n')
data/darkplaces-0~20180908~beta1/cl_demo.c:306:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[64];
data/darkplaces-0~20180908~beta1/cl_demo.c:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/cl_demo.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_demo.c:373:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
track = atoi(Cmd_Argv(3));
data/darkplaces-0~20180908~beta1/cl_demo.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_demo.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_demo.c:521:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
history = (benchmarkhistory_t *)Z_Malloc(sizeof(*history) * atoi(com_argv[i + 1]));
data/darkplaces-0~20180908~beta1/cl_demo.c:530:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(com_argv[i + 1]) > benchmark_runs)
data/darkplaces-0~20180908~beta1/cl_input.c:72:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(c);
data/darkplaces-0~20180908~beta1/cl_input.c:101:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(c);
data/darkplaces-0~20180908~beta1/cl_input.c:199:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
static void IN_Impulse (void) {in_impulse=atoi(Cmd_Argv(1));}
data/darkplaces-0~20180908~beta1/cl_input.c:250:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Cmd_Argv(2)),
data/darkplaces-0~20180908~beta1/cl_input.c:251:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Cmd_Argv(3)),
data/darkplaces-0~20180908~beta1/cl_input.c:252:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Cmd_Argv(4)),
data/darkplaces-0~20180908~beta1/cl_input.c:253:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Cmd_Argv(5)),
data/darkplaces-0~20180908~beta1/cl_input.c:254:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Cmd_Argv(6))
data/darkplaces-0~20180908~beta1/cl_input.c:1753:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1024];
data/darkplaces-0~20180908~beta1/cl_main.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_main.c:291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl.entities, oldentities, oldmaxentities * sizeof(entity_t));
data/darkplaces-0~20180908~beta1/cl_main.c:317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl.csqcrenderentities, oldcsqcrenderentities, oldmaxcsqcrenderentities * sizeof(entity_render_t));
data/darkplaces-0~20180908~beta1/cl_main.c:369:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[8];
data/darkplaces-0~20180908~beta1/cl_main.c:1403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_main.c:2117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->name, name, namelen);
data/darkplaces-0~20180908~beta1/cl_main.c:2167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char locfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_main.c:2204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_main.c:2243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char locfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_main.c:2244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_main.c:2325:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, linetext, len);
data/darkplaces-0~20180908~beta1/cl_main.c:2374:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cl_meshentitynames[NUM_MESHENTITIES] =
data/darkplaces-0~20180908~beta1/cl_parse.c:33:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *svc_strings[128] =
data/darkplaces-0~20180908~beta1/cl_parse.c:107:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *qw_svc_strings[128] =
data/darkplaces-0~20180908~beta1/cl_parse.c:305:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char olddata[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/cl_parse.c:353:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(olddata, cl_message.data, cl_message.cursize);
data/darkplaces-0~20180908~beta1/cl_parse.c:358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl_message.data, olddata, cl_message.cursize);
data/darkplaces-0~20180908~beta1/cl_parse.c:364:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/darkplaces-0~20180908~beta1/cl_parse.c:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128], value[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_parse.c:537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:785:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls.qw_downloadmemory, old, cls.qw_downloadmemorycursize);
data/darkplaces-0~20180908~beta1/cl_parse.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:948:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls.qw_uploaddata, data, size);
data/darkplaces-0~20180908~beta1/cl_parse.c:974:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[2048];
data/darkplaces-0~20180908~beta1/cl_parse.c:976:94: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
InfoString_GetValue(cl.scores[slot].qw_userinfo, "topcolor", temp, sizeof(temp));topcolor = atoi(temp);
data/darkplaces-0~20180908~beta1/cl_parse.c:977:100: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
InfoString_GetValue(cl.scores[slot].qw_userinfo, "bottomcolor", temp, sizeof(temp));bottomcolor = atoi(temp);
data/darkplaces-0~20180908~beta1/cl_parse.c:1008:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[2048];
data/darkplaces-0~20180908~beta1/cl_parse.c:1009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/darkplaces-0~20180908~beta1/cl_parse.c:1025:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[2048];
data/darkplaces-0~20180908~beta1/cl_parse.c:1026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[2048];
data/darkplaces-0~20180908~beta1/cl_parse.c:1027:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/darkplaces-0~20180908~beta1/cl_parse.c:1033:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl.qw_teamplay = atoi(temp);
data/darkplaces-0~20180908~beta1/cl_parse.c:1041:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[6];
data/darkplaces-0~20180908~beta1/cl_parse.c:1083:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:1328:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soundname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_parse.c:1425:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH*2];
data/darkplaces-0~20180908~beta1/cl_parse.c:1436:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls.caughtcsprogsdata, cls.qw_downloadmemory, cls.qw_downloadmemorycursize);
data/darkplaces-0~20180908~beta1/cl_parse.c:1476:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char data[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/cl_parse.c:1505:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls.qw_downloadmemory + start, data, size);
data/darkplaces-0~20180908~beta1/cl_parse.c:1514:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int size = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/cl_parse.c:1563:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CL_StopDownload(atoi(Cmd_Argv(1)), atoi(Cmd_Argv(2)));
data/darkplaces-0~20180908~beta1/cl_parse.c:1563:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CL_StopDownload(atoi(Cmd_Argv(1)), atoi(Cmd_Argv(2)));
data/darkplaces-0~20180908~beta1/cl_parse.c:1569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:1678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:1724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedir[1][MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_parse.c:1918:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char demofile[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/cl_parse.c:3023:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl_iplog_items, olditems, cl_iplog_numitems * sizeof(cl_iplog_item_t));
data/darkplaces-0~20180908~beta1/cl_parse.c:3056:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_parse.c:3057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_parse.c:3143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_parse.c:3179:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ping = atoi(t);
data/darkplaces-0~20180908~beta1/cl_parse.c:3239:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl.parsingtextplayerindex = atoi(t) - 1;
data/darkplaces-0~20180908~beta1/cl_parse.c:3395:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdlog[32];
data/darkplaces-0~20180908~beta1/cl_parse.c:3396:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cmdlogname[32], *temp;
data/darkplaces-0~20180908~beta1/cl_parse.c:3400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_parse.c:3472:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[32*64], logtemp[64];
data/darkplaces-0~20180908~beta1/cl_parse.c:3833:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[32*64], tempdesc[64];
data/darkplaces-0~20180908~beta1/cl_particles.c:128:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char particleeffectname[MAX_PARTICLEEFFECTNAME][64];
data/darkplaces-0~20180908~beta1/cl_particles.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv[16][1024];
data/darkplaces-0~20180908~beta1/cl_particles.c:497:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *standardeffectnames[EFFECT_TOTAL] =
data/darkplaces-0~20180908~beta1/cl_particles.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_particles.c:836:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char color[3];
data/darkplaces-0~20180908~beta1/cl_particles.c:1464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_particles.c:1737:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_particles.c:2069:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(particletexturedata + ((basey + y) * PARTICLEFONTSIZE + basex) * 4, data + y * PARTICLETEXTURESIZE * 4, PARTICLETEXTURESIZE * 4);
data/darkplaces-0~20180908~beta1/cl_particles.c:2170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texturename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_particles.c:2351:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char noise3[64][64], data2[64][16][4];
data/darkplaces-0~20180908~beta1/cl_particles.c:2389:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/cl_particles.c:2633:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl.decals, olddecals, cl.num_decals * sizeof(decal_t));
data/darkplaces-0~20180908~beta1/cl_particles.c:3163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl.particles, oldparticles, cl.num_particles * sizeof(particle_t));
data/darkplaces-0~20180908~beta1/cl_screen.c:142:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scr_centerstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_screen.c:148:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scr_infobarstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cl_screen.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytesstring[128];
data/darkplaces-0~20180908~beta1/cl_screen.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_screen.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/darkplaces-0~20180908~beta1/cl_screen.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/darkplaces-0~20180908~beta1/cl_screen.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addinfobuf[128];
data/darkplaces-0~20180908~beta1/cl_screen.c:627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addinfobuf[128];
data/darkplaces-0~20180908~beta1/cl_screen.c:743:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *r_stat_name[r_stat_count] =
data/darkplaces-0~20180908~beta1/cl_screen.c:905:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_speeds_timestring[4096];
data/darkplaces-0~20180908~beta1/cl_screen.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuf[256];
data/darkplaces-0~20180908~beta1/cl_screen.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024+4096];
data/darkplaces-0~20180908~beta1/cl_screen.c:1112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legend[128];
data/darkplaces-0~20180908~beta1/cl_screen.c:1386:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_prefix_name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:1387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix_name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:1388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:1393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_screen.c:1650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, 4 * inw * inh);
data/darkplaces-0~20180908~beta1/cl_screen.c:1708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/darkplaces-0~20180908~beta1/cl_screen.c:1806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH], basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:1818:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/cl_screen.c:1891:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lmplabel[256], picname[256];
data/darkplaces-0~20180908~beta1/cl_screen.c:1913:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cl.showlmps, oldshowlmps, cl.num_showlmps * sizeof(showlmp_t));
data/darkplaces-0~20180908~beta1/cl_screen.c:2192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:2250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_screen.c:2440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cl_screen.c:2779:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_pantsscoreboard[15], palette_rgb_pantscolormap[15], sizeof(*palette_rgb_pantscolormap));
data/darkplaces-0~20180908~beta1/cl_screen.c:2780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_shirtscoreboard[15], palette_rgb_shirtcolormap[15], sizeof(*palette_rgb_shirtcolormap));
data/darkplaces-0~20180908~beta1/cl_video.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char overridename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_video.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(video->subtitle_text[numsubs], com_token, strlen(com_token) + 1);
data/darkplaces-0~20180908~beta1/cl_video.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH], subtitlesfile[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_video.c:679:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/darkplaces-0~20180908~beta1/cl_video.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH]; // name of this video UI element (not the filename)
data/darkplaces-0~20180908~beta1/cl_video.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *subtitle_text[CLVIDEO_MAX_SUBTITLES];
data/darkplaces-0~20180908~beta1/cl_video.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:21:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame_palette[768];
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jamHead[16];
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, inbuf, outsize);
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mark, srcptr, 4);
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:280:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destptr, back, rep);
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frameHead[16], *b;
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:328:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->frame_palette, s->frame_compressed, 768);
data/darkplaces-0~20180908~beta1/cl_video_libavw.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebase[MAX_OSPATH], check[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/client.h:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cubemapname[64];
data/darkplaces-0~20180908~beta1/client.h:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cubemapname[64];
data/darkplaces-0~20180908~beta1/client.h:678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[MAX_STYLESTRING];
data/darkplaces-0~20180908~beta1/client.h:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_SCOREBOARDNAME];
data/darkplaces-0~20180908~beta1/client.h:688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qw_userinfo[MAX_USERINFO_STRING];
data/darkplaces-0~20180908~beta1/client.h:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qw_team[8];
data/darkplaces-0~20180908~beta1/client.h:695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qw_skin[MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:771:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char yuvnormalizetable[3][256];
data/darkplaces-0~20180908~beta1/client.h:824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char demos[MAX_DEMOS][MAX_DEMONAME];
data/darkplaces-0~20180908~beta1/client.h:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char demoname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcon_commands[MAX_RCONS][MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/client.h:894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qw_downloadname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:915:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_USERINFO_STRING];
data/darkplaces-0~20180908~beta1/client.h:918:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connect_userinfo[MAX_USERINFO_STRING];
data/darkplaces-0~20180908~beta1/client.h:999:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char color[3];
data/darkplaces-0~20180908~beta1/client.h:1043:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char color[3];
data/darkplaces-0~20180908~beta1/client.h:1049:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char staincolor[3];
data/darkplaces-0~20180908~beta1/client.h:1077:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/darkplaces-0~20180908~beta1/client.h:1078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pic[128];
data/darkplaces-0~20180908~beta1/client.h:1231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[MAX_MODELS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:1232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sound_name[MAX_SOUNDS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/client.h:1235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldmessage[40]; // map title (not related to filename)
data/darkplaces-0~20180908~beta1/client.h:1237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldbasename[MAX_QPATH]; // %s
data/darkplaces-0~20180908~beta1/client.h:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldname[MAX_QPATH]; // maps/%s.bsp
data/darkplaces-0~20180908~beta1/client.h:1239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldnamenoextension[MAX_QPATH]; // maps/%s
data/darkplaces-0~20180908~beta1/client.h:1308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char isquakeentity[MAX_EDICTS];
data/darkplaces-0~20180908~beta1/client.h:1374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qw_serverinfo[MAX_SERVERINFO_STRING];
data/darkplaces-0~20180908~beta1/client.h:1458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csqc_printtextbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/client.h:1971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fog_height_texturename[64]; // note: must be 64 for the sscanf code
data/darkplaces-0~20180908~beta1/client.h:1977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fogheighttexturename[64]; // detects changes to active fog height texture
data/darkplaces-0~20180908~beta1/client.h:2048:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *cl_meshentitynames[NUM_MESHENTITIES];
data/darkplaces-0~20180908~beta1/clvm_cmds.c:1249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[17];
data/darkplaces-0~20180908~beta1/clvm_cmds.c:1559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[128];
data/darkplaces-0~20180908~beta1/clvm_cmds.c:1634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, PRVM_G_STRING(OFS_PARM0), alloclen);
data/darkplaces-0~20180908~beta1/clvm_cmds.c:1871:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->fields.fp, in->fields.fp, prog->entityfields * sizeof(prvm_vec_t));
data/darkplaces-0~20180908~beta1/clvm_cmds.c:3632:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/clvm_cmds.c:3657:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fatpvs[MAX_MAP_LEAFS/8];
data/darkplaces-0~20180908~beta1/cmd.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_ALIAS_NAME];
data/darkplaces-0~20180908~beta1/cmd.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd_tokenizebuffer[CMD_TOKENIZELENGTH];
data/darkplaces-0~20180908~beta1/cmd.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(defcmd->value, value, len+1);
data/darkplaces-0~20180908~beta1/cmd.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cmd.c:177:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cmd_text_buf[CMDBUFSIZE];
data/darkplaces-0~20180908~beta1/cmd.c:223:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_text.data, text, l);
data/darkplaces-0~20180908~beta1/cmd.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cmd.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preprocessed[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cmd.c:331:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (line, text, comment ? (comment - text) : i);
data/darkplaces-0~20180908~beta1/cmd.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char build[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cmd.c:781:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(cvCVar->integer == atoi(Cmd_Argv(2) ) )
data/darkplaces-0~20180908~beta1/cmd.c:837:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cmd.c:900:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a->value, cmd, alloclen);
data/darkplaces-0~20180908~beta1/cmd.c:966:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *cmd_argv[MAX_ARGS];
data/darkplaces-0~20180908~beta1/cmd.c:979:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vabuf[1024]; // cmd_mutex
data/darkplaces-0~20180908~beta1/cmd.c:1102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char varname[MAX_INPUTLINE]; // cmd_mutex
data/darkplaces-0~20180908~beta1/cmd.c:1103:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char varval[MAX_INPUTLINE]; // cmd_mutex
data/darkplaces-0~20180908~beta1/cmd.c:1112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varname, var, varlen);
data/darkplaces-0~20180908~beta1/cmd.c:1347:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[ MAX_INPUTLINE ]; // cmd_mutex
data/darkplaces-0~20180908~beta1/cmd.c:1348:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer2[ MAX_INPUTLINE ]; // cmd_mutex
data/darkplaces-0~20180908~beta1/cmd.c:1420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cmd.c:1620:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd_tokenizebuffer + cmd_tokenizebufferpos, com_token, l);
data/darkplaces-0~20180908~beta1/cmd.c:2006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[128];
data/darkplaces-0~20180908~beta1/cmd.c:2134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/common.c:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com_token[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com_modname[MAX_OSPATH] = "";
data/darkplaces-0~20180908~beta1/common.c:198:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char chktbl[1024 + 4] =
data/darkplaces-0~20180908~beta1/common.c:241:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chkb[60 + 4];
data/darkplaces-0~20180908~beta1/common.c:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chkb, base, length);
data/darkplaces-0~20180908~beta1/common.c:612:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (SZ_GetSpace(buf,length),data,length);
data/darkplaces-0~20180908~beta1/common.c:623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/darkplaces-0~20180908~beta1/common.c:1488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/common.c:1546:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gamenetworkfilternamebuffer[64];
data/darkplaces-0~20180908~beta1/common.c:1610:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com_cmdline[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.c:2109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuffer[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.c:2123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.c:2124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.c:2258:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tokens[257];
data/darkplaces-0~20180908~beta1/common.c:2259:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lines[257][512];
data/darkplaces-0~20180908~beta1/common.h:200:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char com_token[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/common.h:317:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char com_modname[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/console.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcon_redirect_buffer[1400];
data/darkplaces-0~20180908~beta1/console.c:116:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qfont_table[256] = {
data/darkplaces-0~20180908~beta1/console.c:348:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(putpos, line, len);
data/darkplaces-0~20180908~beta1/console.c:384:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char copybuf[MAX_INPUTLINE]; // client only
data/darkplaces-0~20180908~beta1/console.c:404:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_dest_buffer[1400]; // UDP packet
data/darkplaces-0~20180908~beta1/console.c:407:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crt_log_file [MAX_OSPATH] = "";
data/darkplaces-0~20180908~beta1/console.c:418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log_dest_buffer, "\377\377\377\377n", 5); // QW rcon print
data/darkplaces-0~20180908~beta1/console.c:472:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timestamp [128]; // init/shutdown only
data/darkplaces-0~20180908~beta1/console.c:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestring [64];
data/darkplaces-0~20180908~beta1/console.c:558:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log_dest_buffer + log_dest_buffer_pos, temp + pos, n);
data/darkplaces-0~20180908~beta1/console.c:602:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (newqueue, logqueue, logq_ind);
data/darkplaces-0~20180908~beta1/console.c:607:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&logqueue[logq_ind], msg, len);
data/darkplaces-0~20180908~beta1/console.c:629:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sanitizedmsg, msg, len);
data/darkplaces-0~20180908~beta1/console.c:821:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sanitizedmsg, CON_LINES(i).start, len);
data/darkplaces-0~20180908~beta1/console.c:935:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[CON_TEXTSIZE]; // con_mutex
data/darkplaces-0~20180908~beta1/console.c:989:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rcon_redirect_buffer, "\377\377\377\377n", 5); // QW rcon print
data/darkplaces-0~20180908~beta1/console.c:1005:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rcon_redirect_buffer, "\377\377\377\377n", 5); // QW rcon print
data/darkplaces-0~20180908~beta1/console.c:1133:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/console.c:1233:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char printline[MAX_INPUTLINE * 4 + 3];
data/darkplaces-0~20180908~beta1/console.c:1354:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char printline[MAX_INPUTLINE]; // it can only get shorter here
data/darkplaces-0~20180908~beta1/console.c:1422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/console.c:1449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/console.c:1479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/console.c:1513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[sizeof(key_line)+5+1]; // space for ^^xRGB too
data/darkplaces-0~20180908~beta1/console.c:1583:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf16[16];
data/darkplaces-0~20180908~beta1/console.c:1585:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, curbuf, len);
data/darkplaces-0~20180908~beta1/console.c:1746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temptext[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/console.c:1825:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf16[16];
data/darkplaces-0~20180908~beta1/console.c:2085:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/darkplaces-0~20180908~beta1/console.c:2089:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/darkplaces-0~20180908~beta1/console.c:2116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[64];
data/darkplaces-0~20180908~beta1/console.c:2117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/console.c:2118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[64];
data/darkplaces-0~20180908~beta1/console.c:2177:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entfilename + strlen(entfilename) - 4, ".ent", 5);
data/darkplaces-0~20180908~beta1/console.c:2239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(completedname, (t->filenames[0]+5), min(p, completednamebufferlength - 1));
data/darkplaces-0~20180908~beta1/console.c:2288:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Nicks_list[MAX_SCOREBOARD][MAX_SCOREBOARDNAME]; // contains the nicks with colors and all that
data/darkplaces-0~20180908~beta1/console.c:2289:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Nicks_sanlist[MAX_SCOREBOARD][MAX_SCOREBOARDNAME]; // sanitized list for completion when there are other possible matches.
data/darkplaces-0~20180908~beta1/console.c:2374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/darkplaces-0~20180908~beta1/console.c:2489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[sizeof(Nicks_sanlist[0])];
data/darkplaces-0~20180908~beta1/console.c:2548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[sizeof(Nicks_sanlist[0])];
data/darkplaces-0~20180908~beta1/console.c:2704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[Nicks_matchpos], msg, len);
data/darkplaces-0~20180908~beta1/console.c:2721:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[Nicks_matchpos], msg, len);
data/darkplaces-0~20180908~beta1/console.c:2744:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char **list[4] = {0, 0, 0, 0};
data/darkplaces-0~20180908~beta1/console.c:2745:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[512];
data/darkplaces-0~20180908~beta1/console.c:2746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[512];
data/darkplaces-0~20180908~beta1/console.c:2750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/console.c:2778:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MAX_QPATH];
data/darkplaces-0~20180908~beta1/console.c:2799:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MAX_QPATH];
data/darkplaces-0~20180908~beta1/console.c:3006:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&key_line[key_linepos], cmd, cmd_len);
data/darkplaces-0~20180908~beta1/console.c:3017:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&key_line[key_linepos] , Nicks_list[0], cmd_len);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], lumps[i], lumpsize[i]);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:101:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = fdopen(atoi(fn + 8), "rb");
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:103:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "rb");
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:130:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = fdopen(atoi(fn + 8), "wb");
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:132:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "wb");
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:245:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fp64[513]; size_t fp64size = 512;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:279:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *lumps[2];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lumps_w0[65536];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lumps_w1[65536];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fp64[513]; size_t fp64size = 512;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:309:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntasks = atoi(optarg);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:312:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bits = atoi(optarg);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:589:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536]; size_t bufsize;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:590:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[65536]; size_t buf2size;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[131073];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:719:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536]; size_t bufsize;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:720:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[65536]; size_t buf2size;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:724:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hexbuf[2*i], "%02x", (unsigned char)buf[i]);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:733:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hexbuf[2*i], "%02x", (unsigned char)buf[i]);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:740:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[131073];
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:742:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536]; size_t bufsize;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[65536]; size_t buf2size;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:752:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&hexbuf[2*i], "%02x", (unsigned char)buf[i]);
data/darkplaces-0~20180908~beta1/crypto.c:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char crypto_idstring_buf[512];
data/darkplaces-0~20180908~beta1/crypto.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], lumps[i], lumpsize[i]);
data/darkplaces-0~20180908~beta1/crypto.c:323:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char plaintext[16], unsigned char ciphertext[16]);
data/darkplaces-0~20180908~beta1/crypto.c:323:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char plaintext[16], unsigned char ciphertext[16]);
data/darkplaces-0~20180908~beta1/crypto.c:325:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char ciphertext[16], unsigned char plaintext[16]);
data/darkplaces-0~20180908~beta1/crypto.c:325:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char ciphertext[16], unsigned char plaintext[16]);
data/darkplaces-0~20180908~beta1/crypto.c:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:409:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*data, str, l+1);
data/darkplaces-0~20180908~beta1/crypto.c:450:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *p[2];
data/darkplaces-0~20180908~beta1/crypto.c:468:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *p[1];
data/darkplaces-0~20180908~beta1/crypto.c:480:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pubkeys_fp64[MAX_PUBKEYS][FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:483:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pubkeys_priv_fp64[MAX_PUBKEYS][FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:484:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char challenge_append[1400];
data/darkplaces-0~20180908~beta1/crypto.c:488:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keygen_buf[8192];
data/darkplaces-0~20180908~beta1/crypto.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char challenge[2048];
data/darkplaces-0~20180908~beta1/crypto.c:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wantserver_idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, crypto, sizeof(*out));
data/darkplaces-0~20180908~beta1/crypto.c:581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:612:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/darkplaces-0~20180908~beta1/crypto.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/darkplaces-0~20180908~beta1/crypto.c:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:687:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idfp, idstart, FP64_SIZE);
data/darkplaces-0~20180908~beta1/crypto.c:724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hk->idfp, idfp, FP64_SIZE+1);
data/darkplaces-0~20180908~beta1/crypto.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/darkplaces-0~20180908~beta1/crypto.c:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:842:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/darkplaces-0~20180908~beta1/crypto.c:857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:1104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *p[1];
data/darkplaces-0~20180908~beta1/crypto.c:1106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8192];
data/darkplaces-0~20180908~beta1/crypto.c:1107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[8192];
data/darkplaces-0~20180908~beta1/crypto.c:1111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:1217:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *p[1];
data/darkplaces-0~20180908~beta1/crypto.c:1219:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8192];
data/darkplaces-0~20180908~beta1/crypto.c:1220:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[8192];
data/darkplaces-0~20180908~beta1/crypto.c:1223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:1239:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/crypto.c:1340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, Cmd_Argv(2), buf2pos);
data/darkplaces-0~20180908~beta1/crypto.c:1404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/darkplaces-0~20180908~beta1/crypto.c:1471:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xorbuf[16];
data/darkplaces-0~20180908~beta1/crypto.c:1497:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xorbuf[16];
data/darkplaces-0~20180908~beta1/crypto.c:1525:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[32];
data/darkplaces-0~20180908~beta1/crypto.c:1545:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) data_dst)[0] = (unsigned char)(*len_dst - len_src);
data/darkplaces-0~20180908~beta1/crypto.c:1546:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char *) data_dst)+1, h, 15);
data/darkplaces-0~20180908~beta1/crypto.c:1559:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_dst, h, 16);
data/darkplaces-0~20180908~beta1/crypto.c:1560:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char *) data_dst) + 16, (unsigned char *) data_src, len_src);
data/darkplaces-0~20180908~beta1/crypto.c:1582:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h[32];
data/darkplaces-0~20180908~beta1/crypto.c:1603:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*len_dst = len_src - ((unsigned char *) data_src)[0];
data/darkplaces-0~20180908~beta1/crypto.c:1700:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_out + *len_out, challenge_append, challenge_append_length);
data/darkplaces-0~20180908~beta1/crypto.c:1732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infostringvalue[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/crypto.c:1733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:1765:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = (cnt ? atoi(cnt) : -1);
data/darkplaces-0~20180908~beta1/crypto.c:1789:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aeslevel = bound(0, atoi(s), 3);
data/darkplaces-0~20180908~beta1/crypto.c:1981:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf[32];
data/darkplaces-0~20180908~beta1/crypto.c:1985:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dhkey[DHKEY_SIZE];
data/darkplaces-0~20180908~beta1/crypto.c:2042:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infostringvalue[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/crypto.c:2113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infostringvalue[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/crypto.c:2114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/crypto.c:2207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wantserver_idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.c:2323:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CDATA->wantserver_idfp, wantserver_idfp, sizeof(crypto->server_idfp));
data/darkplaces-0~20180908~beta1/crypto.c:2424:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = (cnt ? atoi(cnt) : -1);
data/darkplaces-0~20180908~beta1/crypto.c:2443:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aes = atoi(s);
data/darkplaces-0~20180908~beta1/crypto.c:2479:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf[32];
data/darkplaces-0~20180908~beta1/crypto.c:2562:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dhkey[DHKEY_SIZE];
data/darkplaces-0~20180908~beta1/crypto.c:2576:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aes = atoi(s);
data/darkplaces-0~20180908~beta1/crypto.h:21:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dhkey[DHKEY_SIZE]; // shared key, not NUL terminated
data/darkplaces-0~20180908~beta1/crypto.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.h:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_keyfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/crypto.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_keyfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/csprogs.c:420:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entrender->framegroupblend, ed->priv.server->framegroupblend, sizeof(ed->priv.server->framegroupblend));
data/darkplaces-0~20180908~beta1/csprogs.c:424:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entrender->frameblend, ed->priv.server->frameblend, sizeof(ed->priv.server->frameblend));
data/darkplaces-0~20180908~beta1/csprogs.c:582:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/csprogs.c:947:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/csprogs.c:991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/csprogs.c:1108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/cvar.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/cvar.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)var->string, value, valuelen + 1);
data/darkplaces-0~20180908~beta1/cvar.c:456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cvar.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cvar.c:551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)variable->string, oldstr, alloclen);
data/darkplaces-0~20180908~beta1/cvar.c:553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)variable->defstring, oldstr, alloclen);
data/darkplaces-0~20180908~beta1/cvar.c:728:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)var->defstring, var->string, alloclen);
data/darkplaces-0~20180908~beta1/cvar.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[MAX_INPUTLINE], buf2[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/cvar.c:1048:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/dpvsimpledecode.c:22:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[HZREADBLOCKSIZE];
data/darkplaces-0~20180908~beta1/dpvsimpledecode.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[8], *wavename;
data/darkplaces-0~20180908~beta1/dpvsimpledecode.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[4];
data/darkplaces-0~20180908~beta1/draw.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texpath[MAX_QPATH];
data/darkplaces-0~20180908~beta1/draw.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[MAX_QPATH];
data/darkplaces-0~20180908~beta1/draw.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fallbacks[MAX_FONT_FALLBACKS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/filematch.c:110:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->strings, oldstrings, list->numstrings * sizeof(*list->strings));
data/darkplaces-0~20180908~beta1/filematch.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->strings[list->numstrings], text, textlen);
data/darkplaces-0~20180908~beta1/filematch.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/filematch.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[4096];
data/darkplaces-0~20180908~beta1/filematch.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/filematch.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:240:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input [FILE_BUFF_SIZE];
data/darkplaces-0~20180908~beta1/fs.c:254:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff [FILE_BUFF_SIZE];
data/darkplaces-0~20180908~beta1/fs.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[56];
data/darkplaces-0~20180908~beta1/fs.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/darkplaces-0~20180908~beta1/fs.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname [MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:372:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_userdir[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:373:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_gamedir[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:374:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_basedir[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:379:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_gamedirs[MAX_GAMEDIRS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.c:606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (eocd, ptr, ZIP_END_CDIR_SIZE);
data/darkplaces-0~20180908~beta1/fs.c:711:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [sizeof (pack->files[0].name)];
data/darkplaces-0~20180908~beta1/fs.c:717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (filename, &ptr[ZIP_CDIR_CHUNK_BASE_SIZE], namesize);
data/darkplaces-0~20180908~beta1/fs.c:839:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer [ZIP_LOCAL_CHUNK_BASE_SIZE];
data/darkplaces-0~20180908~beta1/fs.c:1237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:1314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedirbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/fs.c:1422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1603:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedirs[MAX_GAMEDIRS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.c:1643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1678:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8192];
data/darkplaces-0~20180908~beta1/fs.c:1679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)(&new_argv[i]), &com_argv[1], sizeof(*com_argv) * (com_argc - 1));
data/darkplaces-0~20180908~beta1/fs.c:1856:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR mydocsdir[MAX_PATH + 1];
data/darkplaces-0~20180908~beta1/fs.c:1858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char savedgamesdir[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:1934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:2052:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/fs.c:2279:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open (filepath, mod | opt, 0666);
data/darkplaces-0~20180908~beta1/fs.c:2566:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:2611:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:2630:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkbuf[MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.c:2676:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(linkbuf, filename, spaceNeeded);
data/darkplaces-0~20180908~beta1/fs.c:2713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:2899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, file->data + file->position, buffersize);
data/darkplaces-0~20180908~beta1/fs.c:2910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, &file->buff[file->buff_ind], count);
data/darkplaces-0~20180908~beta1/fs.c:2967:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((unsigned char*)buffer)[done], file->buff, count);
data/darkplaces-0~20180908~beta1/fs.c:3031:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((unsigned char*)buffer)[done], file->buff, count);
data/darkplaces-0~20180908~beta1/fs.c:3480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:3590:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(basepath, pattern, basepathlength);
data/darkplaces-0~20180908~beta1/fs.c:3603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:3648:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subpath[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:3649:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subpattern[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:3687:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.c:3747:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(search->filenames[numfiles], resultlist.strings[resultlistindex], textlen);
data/darkplaces-0~20180908~beta1/fs.c:3773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/fs.c:4045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tmp, strm.total_out);
data/darkplaces-0~20180908~beta1/fs.c:4062:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, olddata, oldsize);
data/darkplaces-0~20180908~beta1/fs.c:4073:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[2048];
data/darkplaces-0~20180908~beta1/fs.c:4154:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, outbuf.data, outbuf.cursize);
data/darkplaces-0~20180908~beta1/fs.h:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fs_gamedir [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.h:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fs_basedir [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.h:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fs_userdir [MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.h:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fs_gamedirs[MAX_GAMEDIRS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/fs.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/fs.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[8192];
data/darkplaces-0~20180908~beta1/ft2.c:245:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char circlematrix[2*POSTPROCESS_MAXRADIUS+1][2*POSTPROCESS_MAXRADIUS+1];
data/darkplaces-0~20180908~beta1/ft2.c:246:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gausstable[2*POSTPROCESS_MAXRADIUS+1];
data/darkplaces-0~20180908~beta1/ft2.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_QPATH];
data/darkplaces-0~20180908~beta1/ft2.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(na, font->attachments, sizeof(font->attachments[0]) * (font->attachmentcount - 1));
data/darkplaces-0~20180908~beta1/ft2.c:486:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(na + sizeof(font->attachments[0]) * (font->attachmentcount - 1), attachment, sizeof(*attachment));
data/darkplaces-0~20180908~beta1/ft2.c:520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/ft2.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/ft2.c:655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, name, namelen+1);
data/darkplaces-0~20180908~beta1/ft2.c:660:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + namelen, ".ttf", 5);
data/darkplaces-0~20180908~beta1/ft2.c:666:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + namelen, ".otf", 5);
data/darkplaces-0~20180908~beta1/ft2.c:674:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + namelen, ".pfb", 5);
data/darkplaces-0~20180908~beta1/ft2.c:679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename + namelen, ".afm", 5);
data/darkplaces-0~20180908~beta1/ft2.c:1221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_identifier[MAX_QPATH];
data/darkplaces-0~20180908~beta1/ft2.c:1229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/ft2.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/gl_backend.c:1563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compilelog[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/gl_backend.c:1594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linklog[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/gl_backend.c:1851:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *buffertypename[R_BUFFERDATA_COUNT] = {"vertex", "index16", "index32", "uniform"};
data/darkplaces-0~20180908~beta1/gl_draw.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_draw.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widthfile[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_draw.c:545:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mainfont[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_draw.c:586:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->req_face = atoi(c+1);
data/darkplaces-0~20180908~beta1/gl_draw.c:597:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mainfont, filelist, c - filelist);
data/darkplaces-0~20180908~beta1/gl_draw.c:612:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->fallback_faces[i] = atoi(c+1);
data/darkplaces-0~20180908~beta1/gl_draw.c:624:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->fallbacks[i], filelist, c - filelist);
data/darkplaces-0~20180908~beta1/gl_draw.c:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_rmain.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[64];
data/darkplaces-0~20180908~beta1/gl_rmain.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:369:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:395:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pix[16][16][4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:422:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[6*1*1*4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:493:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data1[FOGWIDTH][4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:576:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r_refdef.fog_height_table1d, inpixels, size * 4);
data/darkplaces-0~20180908~beta1/gl_rmain.c:865:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *shaderstaticparmstrings_list[SHADERSTATICPARMS_COUNT];
data/darkplaces-0~20180908~beta1/gl_rmain.c:876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r_compileshader_staticparms_save, r_compileshader_staticparms, sizeof(r_compileshader_staticparms));
data/darkplaces-0~20180908~beta1/gl_rmain.c:988:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, t, len);
data/darkplaces-0~20180908~beta1/gl_rmain.c:1005:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:1040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char permutationname[256];
data/darkplaces-0~20180908~beta1/gl_rmain.c:1044:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *vertstrings_list[32+5+SHADERSTATICPARMS_COUNT+1];
data/darkplaces-0~20180908~beta1/gl_rmain.c:1045:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *geomstrings_list[32+5+SHADERSTATICPARMS_COUNT+1];
data/darkplaces-0~20180908~beta1/gl_rmain.c:1046:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fragstrings_list[32+5+SHADERSTATICPARMS_COUNT+1];
data/darkplaces-0~20180908~beta1/gl_rmain.c:1133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)(vertstrings_list + vertstrings_count), shaderstaticparmstrings_list, sizeof(*vertstrings_list) * shaderstaticparms_count);
data/darkplaces-0~20180908~beta1/gl_rmain.c:1135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)(geomstrings_list + geomstrings_count), shaderstaticparmstrings_list, sizeof(*vertstrings_list) * shaderstaticparms_count);
data/darkplaces-0~20180908~beta1/gl_rmain.c:1137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)(fragstrings_list + fragstrings_count), shaderstaticparmstrings_list, sizeof(*vertstrings_list) * shaderstaticparms_count);
data/darkplaces-0~20180908~beta1/gl_rmain.c:1163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uniformname[128];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2469:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fogpixels, skindata, width * height * 4);
data/darkplaces-0~20180908~beta1/gl_rmain.c:2571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skinframe->qpixels, skindata, width*height);
data/darkplaces-0~20180908~beta1/gl_rmain.c:2589:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
R_SKINFRAME_LOAD_AVERAGE_COLORS(width * height, ((unsigned char *)palette_bgra_complete)[skindata[pix]*4 + comp]);
data/darkplaces-0~20180908~beta1/gl_rmain.c:2600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2672:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2707:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *)palette)[skindata[i]*4+3] < 255)
data/darkplaces-0~20180908~beta1/gl_rmain.c:2717:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
R_SKINFRAME_LOAD_AVERAGE_COLORS(width * height, ((unsigned char *)palette)[skindata[pix]*4 + comp]);
data/darkplaces-0~20180908~beta1/gl_rmain.c:2754:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pix[16][16][4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:2860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/darkplaces-0~20180908~beta1/gl_rmain.c:3144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *entities, entname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:3580:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, data, size);
data/darkplaces-0~20180908~beta1/gl_rmain.c:4576:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[256];
data/darkplaces-0~20180908~beta1/gl_rmain.c:4853:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r_refdef.viewcache.world_pvsbits, p->pvsbits, r_refdef.scene.worldmodel->brush.num_pvsclusterbytes);
data/darkplaces-0~20180908~beta1/gl_rmain.c:4901:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r_refdef.viewcache.world_pvsbits, p->pvsbits, r_refdef.scene.worldmodel->brush.num_pvsclusterbytes);
data/darkplaces-0~20180908~beta1/gl_rmain.c:5514:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rampbgr[RAMPWIDTH][4];
data/darkplaces-0~20180908~beta1/gl_rmain.c:6221:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(color4f, nomodelcolor4f, sizeof(float[6*4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:6544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/gl_rmain.c:6546:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixels[296*194];
data/darkplaces-0~20180908~beta1/gl_rmain.c:6996:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.frameblend, ent->frameblend, sizeof(ent->frameblend));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7768:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchelement3i + 3*numtriangles, rsurface.modelelement3i + 3*surfacefirsttriangle, surfacenumtriangles*sizeof(int[3]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7864:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rsurface.batchskeletalindex4ub = (unsigned char *)R_FrameData_Alloc(batchnumvertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7865:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rsurface.batchskeletalweight4ub = (unsigned char *)R_FrameData_Alloc(batchnumvertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7881:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchvertex3f + 3*numvertices, rsurface.modelvertex3f + 3*surfacefirstvertex, surfacenumvertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7888:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchnormal3f + 3*numvertices, rsurface.modelnormal3f + 3*surfacefirstvertex, surfacenumvertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7896:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchsvector3f + 3*numvertices, rsurface.modelsvector3f + 3*surfacefirstvertex, surfacenumvertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7897:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchtvector3f + 3*numvertices, rsurface.modeltvector3f + 3*surfacefirstvertex, surfacenumvertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7908:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchlightmapcolor4f + 4*numvertices, rsurface.modellightmapcolor4f + 4*surfacefirstvertex, surfacenumvertices * sizeof(float[4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7915:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchtexcoordtexture2f + 2*numvertices, rsurface.modeltexcoordtexture2f + 2*surfacefirstvertex, surfacenumvertices * sizeof(float[2]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7922:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchtexcoordlightmap2f + 2*numvertices, rsurface.modeltexcoordlightmap2f + 2*surfacefirstvertex, surfacenumvertices * sizeof(float[2]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7930:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchskeletalindex4ub + 4*numvertices, rsurface.modelskeletalindex4ub + 4*surfacefirstvertex, surfacenumvertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:7931:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchskeletalweight4ub + 4*numvertices, rsurface.modelskeletalweight4ub + 4*surfacefirstvertex, surfacenumvertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:8444:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsurface.batchtexcoordtexture2f, rsurface.batchtexcoordlightmap2f, batchnumvertices * sizeof(float[2]));
data/darkplaces-0~20180908~beta1/gl_rmain.c:9144:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(decalsystem->decals, old.decals, decalsystem->numdecals * sizeof(tridecal_t));
data/darkplaces-0~20180908~beta1/gl_textures.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[MAX_QPATH + 32];
data/darkplaces-0~20180908~beta1/gl_textures.c:1184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temppixels, data, size);
data/darkplaces-0~20180908~beta1/gl_textures.c:1505:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dds, "DDS ", 4);
data/darkplaces-0~20180908~beta1/gl_textures.c:1519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dds+84, ddsfourcc, 4);
data/darkplaces-0~20180908~beta1/gl_textures.c:1569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/gl_textures.c:1570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf2[1024];
data/darkplaces-0~20180908~beta1/gl_textures.c:1882:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ddspixels[i], &ddspixels[(i<<1)+8], 8);
data/darkplaces-0~20180908~beta1/gl_textures.c:2306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, input, width*bpp);
data/darkplaces-0~20180908~beta1/hmac.c:11:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashbuf[32];
data/darkplaces-0~20180908~beta1/hmac.c:12:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k_xor_ipad[128];
data/darkplaces-0~20180908~beta1/hmac.c:13:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k_xor_opad[128];
data/darkplaces-0~20180908~beta1/hmac.c:38:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_xor_opad, key, k);
data/darkplaces-0~20180908~beta1/hmac.c:51:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(catbuf, k_xor_ipad, hblock);
data/darkplaces-0~20180908~beta1/hmac.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(catbuf + hblock, in, n);
data/darkplaces-0~20180908~beta1/hmac.c:54:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(catbuf, k_xor_opad, hblock);
data/darkplaces-0~20180908~beta1/hmac.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(catbuf + hblock, hashbuf, hlen);
data/darkplaces-0~20180908~beta1/host.c:118:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hosterrorstring1[MAX_INPUTLINE]; // THREAD UNSAFE
data/darkplaces-0~20180908~beta1/host.c:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hosterrorstring2[MAX_INPUTLINE]; // THREAD UNSAFE
data/darkplaces-0~20180908~beta1/host.c:192:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (i && i + 1 < com_argc && atoi (com_argv[i+1]) >= 1)
data/darkplaces-0~20180908~beta1/host.c:193:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
svs.maxclients = atoi (com_argv[i+1]);
data/darkplaces-0~20180908~beta1/host.c:207:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (i + 1 < com_argc && atoi (com_argv[i+1]) >= 1)
data/darkplaces-0~20180908~beta1/host.c:208:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
svs.maxclients = atoi (com_argv[i+1]);
data/darkplaces-0~20180908~beta1/host.c:377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/host.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/host.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/host.c:478:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[8];
data/darkplaces-0~20180908~beta1/host.c:674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host.c:1090:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char engineversion[128];
data/darkplaces-0~20180908~beta1/host.c:1107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host.c:1121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host.c:1164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host_cmd.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qcstatus[256];
data/darkplaces-0~20180908~beta1/host_cmd.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[48]; // can contain a full length v6 address with [] and a port
data/darkplaces-0~20180908~beta1/host_cmd.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host_cmd.c:173:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frags = atoi(qcstatus);
data/darkplaces-0~20180908~beta1/host_cmd.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[128];
data/darkplaces-0~20180908~beta1/host_cmd.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[SAVEGAME_COMMENT_LENGTH+1];
data/darkplaces-0~20180908~beta1/host_cmd.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/host_cmd.c:711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:769:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/host_cmd.c:818:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1008:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1018:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1031:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1042:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1047:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k |= atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1063:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1069:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(com_token);
data/darkplaces-0~20180908~beta1/host_cmd.c:1121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newName[sizeof(host_client->name)];
data/darkplaces-0~20180908~beta1/host_cmd.c:1224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(host_client->name + strlen(host_client->name), STRING_COLOR_DEFAULT_STR, strlen(STRING_COLOR_DEFAULT_STR) + 1);
data/darkplaces-0~20180908~beta1/host_cmd.c:1251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newPath[sizeof(host_client->playermodel)];
data/darkplaces-0~20180908~beta1/host_cmd.c:1311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newPath[sizeof(host_client->playerskin)];
data/darkplaces-0~20180908~beta1/host_cmd.c:1376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/darkplaces-0~20180908~beta1/host_cmd.c:1457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAX_INPUTLINE]; // LordHavoc: FIXME: temporary buffer overflow fix (was 64)
data/darkplaces-0~20180908~beta1/host_cmd.c:1521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[128];
data/darkplaces-0~20180908~beta1/host_cmd.c:1530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namebuf, playername_start, playername_length);
data/darkplaces-0~20180908~beta1/host_cmd.c:1655:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
top = bottom = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:1658:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
top = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:1659:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bottom = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/host_cmd.c:1676:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Host_Color(atoi(Cmd_Argv(1)), -1);
data/darkplaces-0~20180908~beta1/host_cmd.c:1691:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Host_Color(-1, atoi(Cmd_Argv(1)));
data/darkplaces-0~20180908~beta1/host_cmd.c:1710:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rate = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:1731:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rate_burstsize = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:1828:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:2156:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi (Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/host_cmd.c:2329:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:2484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/host_cmd.c:2533:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:2587:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[64];
data/darkplaces-0~20180908~beta1/host_cmd.c:2653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/darkplaces-0~20180908~beta1/host_cmd.c:2673:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/darkplaces-0~20180908~beta1/host_cmd.c:2674:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argbuf[1500];
data/darkplaces-0~20180908~beta1/host_cmd.c:2676:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\377\377\377\377srcon HMAC-MD4 TIME ", 24);
data/darkplaces-0~20180908~beta1/host_cmd.c:2686:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/darkplaces-0~20180908~beta1/host_cmd.c:2687:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/host_cmd.c:2714:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(Cmd_Argv(1));
data/darkplaces-0~20180908~beta1/host_cmd.c:2766:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[512];
data/darkplaces-0~20180908~beta1/host_cmd.c:2775:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl.qw_teamplay = atoi(temp);
data/darkplaces-0~20180908~beta1/host_cmd.c:2788:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[512];
data/darkplaces-0~20180908~beta1/host_cmd.c:2789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/darkplaces-0~20180908~beta1/host_cmd.c:2866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send[2048];
data/darkplaces-0~20180908~beta1/host_cmd.c:2940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[128];
data/darkplaces-0~20180908~beta1/host_cmd.c:2998:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl.scores[i].qw_ping = atoi(Cmd_Argv(1+i*2));
data/darkplaces-0~20180908~beta1/host_cmd.c:3001:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl.scores[i].qw_movementloss = atoi(errbyte + 1);
data/darkplaces-0~20180908~beta1/image.c:182:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette[48];
data/darkplaces-0~20180908~beta1/image.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[58];
data/darkplaces-0~20180908~beta1/image.c:369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette768b, f + filesize - 768, 768);
data/darkplaces-0~20180908~beta1/image.c:412:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/darkplaces-0~20180908~beta1/image.c:480:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palettei, fin, targa_header.colormap_length*4);
data/darkplaces-0~20180908~beta1/image.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixbufi + y * (image_width + row_inci), fin + y * image_width * pix_inc, image_width*4);
data/darkplaces-0~20180908~beta1/image.c:756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/image.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char animname[32]; // next frame in animation chain
data/darkplaces-0~20180908~beta1/image.c:834:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retanimname32c, inwal->animname, 32);
data/darkplaces-0~20180908~beta1/image.c:927:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char image_linearfromsrgb[256];
data/darkplaces-0~20180908~beta1/image.c:928:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char image_srgbfromlinear_lightmap[256];
data/darkplaces-0~20180908~beta1/image.c:1048:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH], name[MAX_QPATH], name2[MAX_QPATH], path[MAX_QPATH], afterpath[MAX_QPATH], *c;
data/darkplaces-0~20180908~beta1/image.c:1049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/image.c:1131:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfilename[MAX_QPATH], buf[MAX_QPATH];
data/darkplaces-0~20180908~beta1/image.c:1197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lmppath[MAX_QPATH];
data/darkplaces-0~20180908~beta1/image.c:1378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfilename[MAX_QPATH], buf[MAX_QPATH];
data/darkplaces-0~20180908~beta1/image.c:1412:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[18];
data/darkplaces-0~20180908~beta1/image.c:1463:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data + y * width * 4, width * 4);
data/darkplaces-0~20180908~beta1/image.c:1553:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resamplerow1, resamplerow2, outwidth4);
data/darkplaces-0~20180908~beta1/image.c:1616:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resamplerow1, resamplerow2, outwidth4);
data/darkplaces-0~20180908~beta1/image.c:1621:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, resamplerow1, outwidth4);
data/darkplaces-0~20180908~beta1/image.c:1769:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *b, *row[3];
data/darkplaces-0~20180908~beta1/image_png.c:358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, my_png.tmpBuf + my_png.tmpi, length);
data/darkplaces-0~20180908~beta1/image_png.c:389:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ioBuffer[8192];
data/darkplaces-0~20180908~beta1/image_png.c:586:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ioBuffer[8192];
data/darkplaces-0~20180908~beta1/input.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/jpeg.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[JMSG_STR_PARM_MAX];
data/darkplaces-0~20180908~beta1/jpeg.c:278:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_dc_L[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:279:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_dc_U[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:280:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_ac_K[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:342:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_dc_L[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:343:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_dc_U[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:344:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arith_ac_K[NUM_ARITH_TBLS];
data/darkplaces-0~20180908~beta1/jpeg.c:460:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char jpeg_eoi_marker [2] = {0xFF, JPEG_EOI};
data/darkplaces-0~20180908~beta1/jpeg.c:956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1048576];
data/darkplaces-0~20180908~beta1/jpeg.c:1000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imagename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/jpeg.c:1012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/jpeg.c:1031:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *keybindings[MAX_BINDMAPS][MAX_KEYS];
data/darkplaces-0~20180908~beta1/keys.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char history_savedline[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char history_searchstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:325:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char keydown[MAX_KEYS]; // 0 = up, 1 = down, 2 = repeating
data/darkplaces-0~20180908~beta1/keys.c:758:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_line + key_linepos, cbd, i);
data/darkplaces-0~20180908~beta1/keys.c:811:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvar[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:850:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&key_line[key_linepos], cvar_str, cvar_str_len);
data/darkplaces-0~20180908~beta1/keys.c:1134:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Cvar_SetValueQuick(&con_textsize, atoi(Cvar_VariableDefString("con_textsize")));
data/darkplaces-0~20180908~beta1/keys.c:1163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/darkplaces-0~20180908~beta1/keys.c:1183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_line + key_linepos, buf, blen);
data/darkplaces-0~20180908~beta1/keys.c:1194:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chat_buffer[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:1200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.c:1337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (newbinding, binding, l + 1);
data/darkplaces-0~20180908~beta1/keys.c:1395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:1499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bindbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:1500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tinystr[2];
data/darkplaces-0~20180908~beta1/keys.c:1550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:1592:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bindbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.c:1593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tinystr[2];
data/darkplaces-0~20180908~beta1/keys.c:1701:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbl_keyascii[MAX_KEYS];
data/darkplaces-0~20180908~beta1/keys.c:1748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/keys.h:358:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char key_line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/keys.h:368:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *keybindings[MAX_BINDMAPS][MAX_KEYS];
data/darkplaces-0~20180908~beta1/keys.h:371:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char chat_buffer[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/lhnet.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/lhnet.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_buff [16];
data/darkplaces-0~20180908~beta1/lhnet.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/darkplaces-0~20180908~beta1/lhnet.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string2[128];
data/darkplaces-0~20180908~beta1/lhnet.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (name, addr_start, namelen);
data/darkplaces-0~20180908~beta1/lhnet.c:274:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(port_name);
data/darkplaces-0~20180908~beta1/lhnet.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/darkplaces-0~20180908~beta1/lhnet.c:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string2[128];
data/darkplaces-0~20180908~beta1/lhnet.c:399:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(colon + 1);
data/darkplaces-0~20180908~beta1/lhnet.c:413:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, string, namelen);
data/darkplaces-0~20180908~beta1/lhnet.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string, "local", 6);
data/darkplaces-0~20180908~beta1/lhnet.c:1123:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(content, p->data, p->length);
data/darkplaces-0~20180908~beta1/lhnet.c:1205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data, content, contentlength);
data/darkplaces-0~20180908~beta1/lhnet.c:1312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1536], addressstring[128], addressstring2[128];
data/darkplaces-0~20180908~beta1/lhnet.c:1313:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((argc == 2 || argc == 5) && (port = atoi(argv[1])) >= 1 && port < 65535)
data/darkplaces-0~20180908~beta1/lhnet.c:1349:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(argv[2]);
data/darkplaces-0~20180908~beta1/lhnet.h:20:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char storage[256]; // sockaddr_in or sockaddr_in6
data/darkplaces-0~20180908~beta1/libcurl.c:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/libcurl.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[1024];
data/darkplaces-0~20180908~beta1/libcurl.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char referer[256];
data/darkplaces-0~20180908~beta1/libcurl.c:263:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command_when_done[256] = "";
data/darkplaces-0~20180908~beta1/libcurl.c:264:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command_when_error[256] = "";
data/darkplaces-0~20180908~beta1/libcurl.c:458:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(di->buffer + di->bytes_received, data, bytes);
data/darkplaces-0~20180908~beta1/libcurl.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type[64];
data/darkplaces-0~20180908~beta1/libcurl.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlbuf[1024];
data/darkplaces-0~20180908~beta1/libcurl.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/libcurl.c:819:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, h, hh - h);
data/darkplaces-0~20180908~beta1/libcurl.c:954:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/libcurl.c:955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlbuf[1024];
data/darkplaces-0~20180908~beta1/libcurl.c:966:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressstring[128];
data/darkplaces-0~20180908~beta1/libcurl.c:1079:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[4] = {0};
data/darkplaces-0~20180908~beta1/libcurl.c:1413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlbuf[1024];
data/darkplaces-0~20180908~beta1/libcurl.c:1568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char donecommand[256];
data/darkplaces-0~20180908~beta1/libcurl.c:1742:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char foundurl[1024]; // invoked only by server
data/darkplaces-0~20180908~beta1/libcurl.c:1805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/libcurl.c:1895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuffer[4096] = "";
data/darkplaces-0~20180908~beta1/libcurl.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/mdfour.c:136:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/darkplaces-0~20180908~beta1/mdfour.c:145:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (n) memcpy(buf, in, n);
data/darkplaces-0~20180908~beta1/menu.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_return_reason[128];
data/darkplaces-0~20180908~beta1/menu.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[2];
data/darkplaces-0~20180908~beta1/menu.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:846:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_filenames[MAX_SAVEGAMES][SAVEGAME_COMMENT_LENGTH+1];
data/darkplaces-0~20180908~beta1/menu.c:853:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/menu.c:854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAVEGAME_COMMENT_LENGTH + 256];
data/darkplaces-0~20180908~beta1/menu.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:998:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1277:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char setup_myname[MAX_SCOREBOARDNAME];
data/darkplaces-0~20180908~beta1/menu.c:1339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(menuplyr_pixels, f + 8, width * height);
data/darkplaces-0~20180908~beta1/menu.c:1432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:1546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/darkplaces-0~20180908~beta1/menu.c:2455:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *(*bindnames)[2];
data/darkplaces-0~20180908~beta1/menu.c:2609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keystring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/menu.c:2643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tinystr[2];
data/darkplaces-0~20180908~beta1/menu.c:2667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/darkplaces-0~20180908~beta1/menu.c:2669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tinystr[2];
data/darkplaces-0~20180908~beta1/menu.c:2912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:3105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:3166:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *m_quit_message[9];
data/darkplaces-0~20180908~beta1/menu.c:3326:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lanConfig_portname[6];
data/darkplaces-0~20180908~beta1/menu.c:3327:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lanConfig_joinname[40];
data/darkplaces-0~20180908~beta1/menu.c:3354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:3405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:3507:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l = atoi(lanConfig_portname);
data/darkplaces-0~20180908~beta1/menu.c:3978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:4299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnamebuf[128];
data/darkplaces-0~20180908~beta1/menu.c:4300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:4358:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostnamebuf, hostname.string, l);
data/darkplaces-0~20180908~beta1/menu.c:4373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostnamebuf, hostname.string, l);
data/darkplaces-0~20180908~beta1/menu.c:4406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:4455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:4510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/darkplaces-0~20180908~beta1/menu.c:4512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAX_QPATH];
data/darkplaces-0~20180908~beta1/menu.c:4568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedirs[MODLIST_MAXDIRS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/menu.c:4761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/menu.c:5205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/menu.c:5455:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m = ((Cmd_Argc() < 2) ? -1 : atoi(Cmd_Argv(1)));
data/darkplaces-0~20180908~beta1/menu.h:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char m_return_reason[128];
data/darkplaces-0~20180908~beta1/meshqueue.c:43:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newarray, mqt_array, mqt_total * sizeof(meshqueue_t));
data/darkplaces-0~20180908~beta1/model_alias.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bonepose + i * 12, m, sizeof(m));
data/darkplaces-0~20180908~beta1/model_alias.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bonepose + i * 12, m, sizeof(m));
data/darkplaces-0~20180908~beta1/model_alias.c:171:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (vertex3f) memcpy(vertex3f, model->surfmesh.data_vertex3f, model->surfmesh.num_vertices*sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_alias.c:172:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (normal3f) memcpy(normal3f, model->surfmesh.data_normal3f, model->surfmesh.num_vertices*sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_alias.c:173:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (svector3f) memcpy(svector3f, model->surfmesh.data_svector3f, model->surfmesh.num_vertices*sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_alias.c:174:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (tvector3f) memcpy(tvector3f, model->surfmesh.data_tvector3f, model->surfmesh.num_vertices*sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_alias.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(weights, newweights, sizeof(blendweights_t));
data/darkplaces-0~20180908~beta1/model_alias.c:652:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(refvertex3f, vertex3f, loadmodel->surfmesh.num_vertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_alias.c:928:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stripbuf[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_alias.c:987:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_alias.c:1272:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->skinscenes, tempskinscenes, loadmodel->numskins * sizeof(animscene_t));
data/darkplaces-0~20180908~beta1/model_alias.c:1277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->data_textures, tempaliasskins, loadmodel->num_surfaces * totalskins * sizeof(texture_t));
data/darkplaces-0~20180908~beta1/model_alias.c:1917:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->animscenes[i].name, scene->name, 32);
data/darkplaces-0~20180908~beta1/model_alias.c:1937:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->data_bones[i].name, bone[i].name, sizeof(bone[i].name));
data/darkplaces-0~20180908~beta1/model_alias.c:2326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->data_bones[i].name, bone[i].name, sizeof(bone[i].name));
data/darkplaces-0~20180908~beta1/model_alias.c:2344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->animscenes[i].name, frames[i].name, sizeof(frames[i].name));
data/darkplaces-0~20180908~beta1/model_alias.c:2572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char animname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_alias.c:3263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, pbase, sizeof(iqmheader_t));
data/darkplaces-0~20180908~beta1/model_alias.c:3866:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(weights.index, vblendindexes + i*4, 4);
data/darkplaces-0~20180908~beta1/model_alias.c:3867:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(weights.influence, vblendweights + i*4, 4);
data/darkplaces-0~20180908~beta1/model_alias.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; // frame name from grabbing
data/darkplaces-0~20180908~beta1/model_alias.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3FRAMENAME];
data/darkplaces-0~20180908~beta1/model_alias.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_alias.h:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_alias.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[4]; // "IDP3"
data/darkplaces-0~20180908~beta1/model_alias.h:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_alias.h:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[4]; // "IDP3"
data/darkplaces-0~20180908~beta1/model_alias.h:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_alias.h:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_alias.h:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MD3NAME];
data/darkplaces-0~20180908~beta1/model_brush.c:171:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, leaf->ambient_sound_level, i);
data/darkplaces-0~20180908~beta1/model_brush.c:1610:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/darkplaces-0~20180908~beta1/model_brush.c:1653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH], name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:1654:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zeroopaque[4], zerotrans[4];
data/darkplaces-0~20180908~beta1/model_brush.c:1656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_brush.c:2104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char litfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:2105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlitfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:2132:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->brushq1.lightdata, data + 8, filesize - 8);
data/darkplaces-0~20180908~beta1/model_brush.c:2145:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->brushq1.nmaplightdata, data + 8, filesize - 8);
data/darkplaces-0~20180908~beta1/model_brush.c:2198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128], value[4096];
data/darkplaces-0~20180908~beta1/model_brush.c:2564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_brush.c:3273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapfilename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:4062:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/darkplaces-0~20180908~beta1/model_brush.c:4187:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mod->brushq1.data_lightstyleinfo, styleinfo, mod->brushq1.num_lightstyles * sizeof(model_brush_lightstyleinfo_t));
data/darkplaces-0~20180908~beta1/model_brush.c:4372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:5033:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/darkplaces-0~20180908~beta1/model_brush.c:5164:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mod->brushq1.data_lightstyleinfo, styleinfo, mod->brushq1.num_lightstyles * sizeof(model_brush_lightstyleinfo_t));
data/darkplaces-0~20180908~beta1/model_brush.c:5193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128], value[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/model_brush.c:5201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->brush.entities, mod_base + l->fileofs, l->filelen);
data/darkplaces-0~20180908~beta1/model_brush.c:5583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:5585:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inpixels[10000]; // max count q3map2 can output (it uses 4 digits)
data/darkplaces-0~20180908~beta1/model_brush.c:5586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_brush.c:6602:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, count * (int)sizeof(*out));
data/darkplaces-0~20180908~beta1/model_brush.c:6680:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->brush.data_pvsclusters, (unsigned char *)(in + 1), totalchains);
data/darkplaces-0~20180908~beta1/model_brush.c:7977:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/darkplaces-0~20180908~beta1/model_brush.c:8128:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nobsp_pvs[1] = {1};
data/darkplaces-0~20180908~beta1/model_brush.c:8134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[512];
data/darkplaces-0~20180908~beta1/model_brush.c:8135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/darkplaces-0~20180908~beta1/model_brush.c:8136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char materialname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_brush.c:8233:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emptyarg[1] = "";
data/darkplaces-0~20180908~beta1/model_brush.c:8334:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index1 = atoi(argv[j]);
data/darkplaces-0~20180908~beta1/model_brush.c:8339:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index2 = atoi(argv[j]);
data/darkplaces-0~20180908~beta1/model_brush.c:8344:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index3 = atoi(argv[j]);
data/darkplaces-0~20180908~beta1/model_brush.c:8624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/darkplaces-0~20180908~beta1/model_brush.h:189:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ambient_sound_level[NUM_AMBIENTS]; // q1bsp
data/darkplaces-0~20180908~beta1/model_brush.h:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_brush.h:535:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char color4ub[4];
data/darkplaces-0~20180908~beta1/model_brush.h:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadername[Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_brush.h:631:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[128*128*3];
data/darkplaces-0~20180908~beta1/model_brush.h:637:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ambientrgb[3];
data/darkplaces-0~20180908~beta1/model_brush.h:638:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char diffusergb[3];
data/darkplaces-0~20180908~beta1/model_dpmodel.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[16]; // "DARKPLACESMODEL\0", length 16
data/darkplaces-0~20180908~beta1/model_dpmodel.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadername[32]; // name of the shader to use
data/darkplaces-0~20180908~beta1/model_dpmodel.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/model_dpmodel.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/model_iqm.h:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[16];
data/darkplaces-0~20180908~beta1/model_psk.h:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20];
data/darkplaces-0~20180908~beta1/model_psk.h:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unknown1[2]; // seems to be garbage
data/darkplaces-0~20180908~beta1/model_psk.h:43:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unknown3[2]; // seems to be garbage
data/darkplaces-0~20180908~beta1/model_psk.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/model_psk.h:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/model_psk.h:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/model_psk.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[64];
data/darkplaces-0~20180908~beta1/model_shared.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/model_shared.c:261:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(com_token);
data/darkplaces-0~20180908~beta1/model_shared.c:270:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(com_token);
data/darkplaces-0~20180908~beta1/model_shared.c:287:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loop = (atoi(com_token) != 0);
data/darkplaces-0~20180908~beta1/model_shared.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_shared.c:1431:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&entry->shader, shader, sizeof (q3shaderinfo_t));
data/darkplaces-0~20180908~beta1/model_shared.c:1452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter[TEXTURE_MAXFRAMES + 4][Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_shared.c:1453:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *custsurfaceparmnames[256]; // VorteX: q3map2 has 64 but well, someone will need more
data/darkplaces-0~20180908~beta1/model_shared.c:2032:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!atoi(parameter[1]) && strcasecmp(parameter[1], "-"))
data/darkplaces-0~20180908~beta1/model_shared.c:2686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[10][MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:2687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_shared.c:2940:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_vertex3f ) memcpy(mem + loadmodel->surfmesh.data_vertex3f_bufferoffset , loadmodel->surfmesh.data_vertex3f , loadmodel->surfmesh.num_vertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_shared.c:2941:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_svector3f ) memcpy(mem + loadmodel->surfmesh.data_svector3f_bufferoffset , loadmodel->surfmesh.data_svector3f , loadmodel->surfmesh.num_vertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_shared.c:2942:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_tvector3f ) memcpy(mem + loadmodel->surfmesh.data_tvector3f_bufferoffset , loadmodel->surfmesh.data_tvector3f , loadmodel->surfmesh.num_vertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_shared.c:2943:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_normal3f ) memcpy(mem + loadmodel->surfmesh.data_normal3f_bufferoffset , loadmodel->surfmesh.data_normal3f , loadmodel->surfmesh.num_vertices * sizeof(float[3]));
data/darkplaces-0~20180908~beta1/model_shared.c:2944:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_texcoordtexture2f ) memcpy(mem + loadmodel->surfmesh.data_texcoordtexture2f_bufferoffset , loadmodel->surfmesh.data_texcoordtexture2f , loadmodel->surfmesh.num_vertices * sizeof(float[2]));
data/darkplaces-0~20180908~beta1/model_shared.c:2945:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_texcoordlightmap2f) memcpy(mem + loadmodel->surfmesh.data_texcoordlightmap2f_bufferoffset, loadmodel->surfmesh.data_texcoordlightmap2f, loadmodel->surfmesh.num_vertices * sizeof(float[2]));
data/darkplaces-0~20180908~beta1/model_shared.c:2946:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_lightmapcolor4f ) memcpy(mem + loadmodel->surfmesh.data_lightmapcolor4f_bufferoffset , loadmodel->surfmesh.data_lightmapcolor4f , loadmodel->surfmesh.num_vertices * sizeof(float[4]));
data/darkplaces-0~20180908~beta1/model_shared.c:2947:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_skeletalindex4ub ) memcpy(mem + loadmodel->surfmesh.data_skeletalindex4ub_bufferoffset , loadmodel->surfmesh.data_skeletalindex4ub , loadmodel->surfmesh.num_vertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/model_shared.c:2948:52: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (loadmodel->surfmesh.data_skeletalweight4ub ) memcpy(mem + loadmodel->surfmesh.data_skeletalweight4ub_bufferoffset , loadmodel->surfmesh.data_skeletalweight4ub , loadmodel->surfmesh.num_vertices * sizeof(unsigned char[4]));
data/darkplaces-0~20180908~beta1/model_shared.c:3003:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3027:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3057:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3108:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3200:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, oldbuffer, outbufferpos);
data/darkplaces-0~20180908~beta1/model_shared.c:3252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtlname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char animname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char animname2[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.c:3258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zymtextbuffer[16384];
data/darkplaces-0~20180908~beta1/model_shared.c:3259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpmtextbuffer[16384];
data/darkplaces-0~20180908~beta1/model_shared.c:3260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char framegroupstextbuffer[16384];
data/darkplaces-0~20180908~beta1/model_shared.c:3264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_shared.c:3639:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(svbsp.nodes, nodes, svbsp.numnodes * sizeof(*nodes));
data/darkplaces-0~20180908~beta1/model_shared.c:4088:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/model_shared.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; // for viewthing support
data/darkplaces-0~20180908~beta1/model_shared.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[MAX_QPATH]; // name of this
data/darkplaces-0~20180908~beta1/model_shared.h:92:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char svec[3];
data/darkplaces-0~20180908~beta1/model_shared.h:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char tvec[3];
data/darkplaces-0~20180908~beta1/model_shared.h:99:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char index[4];
data/darkplaces-0~20180908~beta1/model_shared.h:100:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char influence[4];
data/darkplaces-0~20180908~beta1/model_shared.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.h:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_shared.h:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skyboxname[Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_shared.h:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpreflectcube[Q3PATHLENGTH];
data/darkplaces-0~20180908~beta1/model_shared.h:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/darkplaces-0~20180908~beta1/model_shared.h:661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q2texture[32]; // texture name (textures/*.wal)
data/darkplaces-0~20180908~beta1/model_shared.h:671:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char styles[MAXLIGHTMAPS]; // q1bsp
data/darkplaces-0~20180908~beta1/model_shared.h:847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skybox[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.h:967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.h:1111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char loadname[32]; // for hunk tags
data/darkplaces-0~20180908~beta1/model_shared.h:1152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_shared.h:1153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char replacement[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_sprite.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH], fogname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/model_sprite.c:300:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette[256][4];
data/darkplaces-0~20180908~beta1/model_zymotic.h:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[12]; // "ZYMOTICMODEL", length 12, no termination
data/darkplaces-0~20180908~beta1/model_zymotic.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/model_zymotic.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/darkplaces-0~20180908~beta1/modelgen.h:85:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char v[3];
data/darkplaces-0~20180908~beta1/modelgen.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; // frame name from grabbing
data/darkplaces-0~20180908~beta1/mvm_cmds.c:785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->fields.fp, in->fields.fp, prog->entityfields * sizeof(prvm_vec_t));
data/darkplaces-0~20180908~beta1/mvm_cmds.c:805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyfp[FP64_SIZE + 1];
data/darkplaces-0~20180908~beta1/mvm_cmds.c:821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfp[FP64_SIZE + 1];
data/darkplaces-0~20180908~beta1/mvm_cmds.c:854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/mvm_cmds.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyfp[FP64_SIZE + 1];
data/darkplaces-0~20180908~beta1/mvm_cmds.c:891:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfp[FP64_SIZE + 1];
data/darkplaces-0~20180908~beta1/netconn.c:72:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cl_message_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:73:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sv_message_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:74:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cl_readstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.c:75:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv_readstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cl_net_extresponse[NET_EXTRESPONSE_MAX][1400];
data/darkplaces-0~20180908~beta1/netconn.c:144:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv_net_extresponse[NET_EXTRESPONSE_MAX][1400];
data/darkplaces-0~20180908~beta1/netconn.c:168:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char favorites_idfp[MAX_FAVORITESERVERS][FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/netconn.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufferA[ 1400 ], bufferB[ 1400 ]; // should be more than enough
data/darkplaces-0~20180908~beta1/netconn.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfp[FP64_SIZE+1];
data/darkplaces-0~20180908~beta1/netconn.c:628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressstring[128], addressstring2[128];
data/darkplaces-0~20180908~beta1/netconn.c:657:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressstring[128], addressstring2[128];
data/darkplaces-0~20180908~beta1/netconn.c:730:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:731:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cryptosendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
data/darkplaces-0~20180908~beta1/netconn.c:756:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (conn->sendMessage, conn->message.data, conn->message.cursize);
data/darkplaces-0~20180908~beta1/netconn.c:788:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + packetLen, conn->sendMessage, conn->sendMessageLength);
data/darkplaces-0~20180908~beta1/netconn.c:797:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + packetLen, data->data, data->cursize);
data/darkplaces-0~20180908~beta1/netconn.c:834:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
data/darkplaces-0~20180908~beta1/netconn.c:864:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->sendMessage, conn->message.data, conn->message.cursize);
data/darkplaces-0~20180908~beta1/netconn.c:883:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
data/darkplaces-0~20180908~beta1/netconn.c:913:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + NET_HEADERSIZE, data->data, data->cursize);
data/darkplaces-0~20180908~beta1/netconn.c:957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressstring2[1024];
data/darkplaces-0~20180908~beta1/netconn.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressstring2[1024];
data/darkplaces-0~20180908~beta1/netconn.c:1189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/darkplaces-0~20180908~beta1/netconn.c:1203:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:1204:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cryptosendbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
data/darkplaces-0~20180908~beta1/netconn.c:1205:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cryptoreadbuffer[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
data/darkplaces-0~20180908~beta1/netconn.c:1430:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuffer + NET_HEADERSIZE, conn->sendMessage, dataLen);
data/darkplaces-0~20180908~beta1/netconn.c:1453:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temppacket[8];
data/darkplaces-0~20180908~beta1/netconn.c:1470:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->receiveMessage + conn->receiveMessageLength, data, length);
data/darkplaces-0~20180908~beta1/netconn.c:1561:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/darkplaces-0~20180908~beta1/netconn.c:1718:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring [128];
data/darkplaces-0~20180908~beta1/netconn.c:1741:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifnamebuf[16];
data/darkplaces-0~20180908~beta1/netconn.c:1792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string, addressstring2[128];
data/darkplaces-0~20180908~beta1/netconn.c:1793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringbuf[16384];
data/darkplaces-0~20180908~beta1/netconn.c:1794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
data/darkplaces-0~20180908~beta1/netconn.c:1797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infostringvalue[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.c:1798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring[32];
data/darkplaces-0~20180908~beta1/netconn.c:1815:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuf, data, length);
data/darkplaces-0~20180908~beta1/netconn.c:1834:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:1841:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:1865:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1500];
data/darkplaces-0~20180908~beta1/netconn.c:1866:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argbuf[1500];
data/darkplaces-0~20180908~beta1/netconn.c:1870:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "\377\377\377\377srcon HMAC-MD4 CHALLENGE ", 29);
data/darkplaces-0~20180908~beta1/netconn.c:1906:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protocolnames[1400];
data/darkplaces-0~20180908~beta1/netconn.c:1919:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:1939:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rejectreason[128];
data/darkplaces-0~20180908~beta1/netconn.c:1947:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rejectreason, string, length);
data/darkplaces-0~20180908~beta1/netconn.c:1993:127: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "protocol" , infostringvalue, sizeof(infostringvalue))) != NULL) info->protocol = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:1994:129: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "clients" , infostringvalue, sizeof(infostringvalue))) != NULL) info->numplayers = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:1995:126: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "bots" , infostringvalue, sizeof(infostringvalue))) != NULL) info->numbots = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:1996:129: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "sv_maxclients", infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:1997:130: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "gameversion" , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2035:127: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "protocol" , infostringvalue, sizeof(infostringvalue))) != NULL) info->protocol = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2036:129: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "clients" , infostringvalue, sizeof(infostringvalue))) != NULL) info->numplayers = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2037:126: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "bots" , infostringvalue, sizeof(infostringvalue))) != NULL) info->numbots = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2038:129: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "sv_maxclients", infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2039:130: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "gameversion" , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);
data/darkplaces-0~20180908~beta1/netconn.c:2125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:2126:96: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dpsnprintf(senddata+4, sizeof(senddata)-4, "connect %i %i %i \"%s%s\"\n", 28, cls.qw_qport, atoi(string + 1), cls.userinfo, cls.connect_userinfo);
data/darkplaces-0~20180908~beta1/netconn.c:2167:129: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "maxclients" , infostringvalue, sizeof(infostringvalue))) != NULL) info->maxplayers = atoi(s);else info->maxplayers = 0;
data/darkplaces-0~20180908~beta1/netconn.c:2168:130: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((s = InfoString_GetValue(string, "gameversion" , infostringvalue, sizeof(infostringvalue))) != NULL) info->gameversion = atoi(s);else info->gameversion = 0;
data/darkplaces-0~20180908~beta1/netconn.c:2428:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:2509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qcstatus[256];
data/darkplaces-0~20180908~beta1/netconn.c:2512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teambuf[3];
data/darkplaces-0~20180908~beta1/netconn.c:2580:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cleanname [sizeof(client->name)];
data/darkplaces-0~20180908~beta1/netconn.c:2656:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_msg + 4, "infoResponse\x0A", 13);
data/darkplaces-0~20180908~beta1/netconn.c:2739:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mdfourbuf[16];
data/darkplaces-0~20180908~beta1/netconn.c:2760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mdfourbuf[16];
data/darkplaces-0~20180908~beta1/netconn.c:2806:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.c:2810:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vabuf[1024];
data/darkplaces-0~20180908~beta1/netconn.c:2943:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string, response[1400], addressstring2[128];
data/darkplaces-0~20180908~beta1/netconn.c:2944:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stringbuf[16384]; // server only
data/darkplaces-0~20180908~beta1/netconn.c:2946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char senddata[NET_HEADERSIZE+NET_MAXMESSAGE+CRYPTO_HEADERSIZE];
data/darkplaces-0~20180908~beta1/netconn.c:2948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infostringvalue[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.c:2972:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuf, data, length);
data/darkplaces-0~20180908~beta1/netconn.c:2991:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:2998:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(senddata, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:3035:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:3089:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:3275:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[64];
data/darkplaces-0~20180908~beta1/netconn.c:3471:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myaddressstring[128];
data/darkplaces-0~20180908~beta1/netconn.c:3571:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[2048];
data/darkplaces-0~20180908~beta1/netconn.c:3572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2048];
data/darkplaces-0~20180908~beta1/netconn.c:3608:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readbuffer[NET_HEADERSIZE+NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.c:3635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request[256];
data/darkplaces-0~20180908~beta1/netconn.c:3682:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request, "\377\377\377\377", 4);
data/darkplaces-0~20180908~beta1/netconn.c:3734:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lookupstring[128];
data/darkplaces-0~20180908~beta1/netconn.c:3932:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(com_argv[i + 1]);
data/darkplaces-0~20180908~beta1/netconn.h:157:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char messagedata[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.h:163:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sendMessage[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.h:168:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char receiveMessage[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/netconn.h:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[128];
data/darkplaces-0~20180908~beta1/netconn.h:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[128];
data/darkplaces-0~20180908~beta1/netconn.h:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char game[32];
data/darkplaces-0~20180908~beta1/netconn.h:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod[32];
data/darkplaces-0~20180908~beta1/netconn.h:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[32];
data/darkplaces-0~20180908~beta1/netconn.h:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/darkplaces-0~20180908~beta1/netconn.h:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qcstatus[128];
data/darkplaces-0~20180908~beta1/netconn.h:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char players[1400];
data/darkplaces-0~20180908~beta1/netconn.h:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line1[128];
data/darkplaces-0~20180908~beta1/netconn.h:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line2[128];
data/darkplaces-0~20180908~beta1/netconn.h:401:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cl_net_extresponse[NET_EXTRESPONSE_MAX][1400];
data/darkplaces-0~20180908~beta1/netconn.h:405:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sv_net_extresponse[NET_EXTRESPONSE_MAX][1400];
data/darkplaces-0~20180908~beta1/netconn.h:419:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cl_readstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.h:420:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sv_readstring[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/netconn.h:481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[12];
data/darkplaces-0~20180908~beta1/palette.c:7:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_rgb[256][3];
data/darkplaces-0~20180908~beta1/palette.c:8:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_rgb_pantscolormap[16][3];
data/darkplaces-0~20180908~beta1/palette.c:9:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_rgb_shirtcolormap[16][3];
data/darkplaces-0~20180908~beta1/palette.c:10:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_rgb_pantsscoreboard[16][3];
data/darkplaces-0~20180908~beta1/palette.c:11:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_rgb_shirtscoreboard[16][3];
data/darkplaces-0~20180908~beta1/palette.c:26:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette_featureflags[256];
data/darkplaces-0~20180908~beta1/palette.c:31:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char host_quakepal[768] =
data/darkplaces-0~20180908~beta1/palette.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/darkplaces-0~20180908~beta1/palette.c:203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q2palette_rgb[256][3];
data/darkplaces-0~20180908~beta1/palette.c:272:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char texturegammaramp[256];
data/darkplaces-0~20180908~beta1/palette.c:275:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/darkplaces-0~20180908~beta1/palette.c:303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb, palfile, 768);
data/darkplaces-0~20180908~beta1/palette.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb, host_quakepal, 768);
data/darkplaces-0~20180908~beta1/palette.c:328:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_shirtcolormap[0], palfile, 48);
data/darkplaces-0~20180908~beta1/palette.c:329:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_shirtscoreboard[0], palfile + 48, 48);
data/darkplaces-0~20180908~beta1/palette.c:342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_pantscolormap[0], palfile + 48*2, 48);
data/darkplaces-0~20180908~beta1/palette.c:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(palette_rgb_pantsscoreboard[0], palfile + 48*3, 48);
data/darkplaces-0~20180908~beta1/palette.h:13:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_rgb[256][3];
data/darkplaces-0~20180908~beta1/palette.h:14:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_rgb_pantscolormap[16][3];
data/darkplaces-0~20180908~beta1/palette.h:15:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_rgb_shirtcolormap[16][3];
data/darkplaces-0~20180908~beta1/palette.h:16:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_rgb_pantsscoreboard[16][3];
data/darkplaces-0~20180908~beta1/palette.h:17:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_rgb_shirtscoreboard[16][3];
data/darkplaces-0~20180908~beta1/palette.h:32:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char palette_featureflags[256];
data/darkplaces-0~20180908~beta1/portals.c:25:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&portaltemppoints[w][0][0], targpoints, numpoints * 3 * sizeof(float));
data/darkplaces-0~20180908~beta1/portals.c:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &portaltemppoints[w][0][0], numpoints * 3 * sizeof(float));
data/darkplaces-0~20180908~beta1/pr_comp.h:157:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parm_size[MAX_PARMS];
data/darkplaces-0~20180908~beta1/pr_comp.h:183:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parm_size[MAX_PARMS];
data/darkplaces-0~20180908~beta1/progsvm.h:592:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * openfiles_origin[PRVM_MAX_OPENFILES];
data/darkplaces-0~20180908~beta1/progsvm.h:594:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * opensearches_origin[PRVM_MAX_OPENSEARCHES];
data/darkplaces-0~20180908~beta1/protocol.c:708:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[128];
data/darkplaces-0~20180908~beta1/protocol.c:1301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->entitydata, d->entitydata + d->frames[i].firstentity % MAX_ENTITY_DATABASE, sizeof(*f->entitydata) * n);
data/darkplaces-0~20180908~beta1/protocol.c:1303:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->entitydata + n, d->entitydata, sizeof(*f->entitydata) * (f->numentities - n));
data/darkplaces-0~20180908~beta1/protocol.c:1355:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->entitydata + n, entitydata, sizeof(entity_state_t) * e);
data/darkplaces-0~20180908~beta1/protocol.c:1357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->entitydata, entitydata + e, sizeof(entity_state_t) * (numentities - e));
data/darkplaces-0~20180908~beta1/protocol.c:1407:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->entitydata + n, entitydata, sizeof(entity_state_t) * e);
data/darkplaces-0~20180908~beta1/protocol.c:1409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->entitydata, entitydata + e, sizeof(entity_state_t) * (numentities - e));
data/darkplaces-0~20180908~beta1/protocol.c:1634:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->referenceentity, oldentity, oldmax * sizeof(*d->referenceentity));
data/darkplaces-0~20180908~beta1/protocol.c:1657:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->currentcommit->entity, oldentity, d->currentcommit->numentities * sizeof(*d->currentcommit->entity));
data/darkplaces-0~20180908~beta1/protocol.c:1896:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[128];
data/darkplaces-0~20180908~beta1/protocol.c:2037:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->deltabits, olddeltabits, oldmaxedicts * sizeof(int));
data/darkplaces-0~20180908~beta1/protocol.c:2038:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->priorities, oldpriorities, oldmaxedicts * sizeof(unsigned char));
data/darkplaces-0~20180908~beta1/protocol.c:2039:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->updateframenum, oldupdateframenum, oldmaxedicts * sizeof(int));
data/darkplaces-0~20180908~beta1/protocol.c:2040:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->states, oldstates, oldmaxedicts * sizeof(entity_state_t));
data/darkplaces-0~20180908~beta1/protocol.c:2041:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->visiblebits, oldvisiblebits, (oldmaxedicts+7)/8 * sizeof(unsigned char));
data/darkplaces-0~20180908~beta1/protocol.c:2770:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char statsdeltabits[(MAX_CL_STATS+7)/8];
data/darkplaces-0~20180908~beta1/protocol.c:2841:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[128];
data/darkplaces-0~20180908~beta1/protocol.h:412:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char colormod[3];
data/darkplaces-0~20180908~beta1/protocol.h:413:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char glowmod[3];
data/darkplaces-0~20180908~beta1/protocol.h:781:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char statsdeltabits[(MAX_CL_STATS+7)/8];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:215:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ed->priv.server->skeleton.relativetransforms, skeleton->relativetransforms, ed->priv.server->skeleton.model->num_bones * sizeof(matrix4x4_t));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:617:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:639:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:734:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:767:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:788:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[512];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:931:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:1500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:1809:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:1905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:1958:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNewString[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNewString[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNewString[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string, s + u_start, u_length);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2524:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, string, alloclen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2593:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tokenize_string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2674:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *separators[7];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tokentext[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3596:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mainfont[MAX_QPATH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3641:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->req_face = atoi(c+1);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mainfont, filelist, c - filelist);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3667:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->fallback_faces[i] = atoi(c+1);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->fallbacks[i], filelist, c - filelist);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:3997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tinystr[2];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ret[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4021:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4628:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuffer->strings, oldstrings, stringbuffer->num_strings * sizeof(stringbuffer->strings[0]));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4723:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuffer->strings[strindex], str, alloclen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4883:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dststringbuffer->strings[i], srcstringbuffer->strings[i], stringlen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5070:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuffer->strings[strindex], string, alloclen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5181:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuffer->strings[strindex], string, alloclen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5529:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stringbuffer->strings[n], cvar->name, alloclen);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNewString[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[9 * 4 + 1];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5824:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resbuf[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5871:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destbuf[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5890:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5910:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[32];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5974:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outhex[65];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6082:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posttype[128];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6290:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->postdata + ltotal, postseparator, l);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6295:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->postdata + ltotal, stringbuffer->strings[i], strlen(stringbuffer->strings[i]));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->postdata, postseparator, l);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6310:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(handle->postdata + handle->postlen + 1, query_string, lq);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char normalized[128];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6539:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatbuf[16];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6807:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf16[16];
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6946:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&animatemodel_cache->frameblend, &ed->priv.server->frameblend, sizeof(ed->priv.server->frameblend));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6949:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&animatemodel_cache->skeleton, skeleton, sizeof(ed->priv.server->skeleton));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:7298:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newfunc, f, sizeof(edict_odefunc_t));
data/darkplaces-0~20180908~beta1/prvm_edict.c:566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[MAX_INPUTLINE], tempstring2[260]; // temporary string buffers
data/darkplaces-0~20180908~beta1/prvm_edict.c:624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:806:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi (Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/prvm_edict.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1008:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(s);
data/darkplaces-0~20180908~beta1/prvm_edict.c:1123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1134:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed = PRVM_EDICT_NUM(atoi(Cmd_Argv(2)));
data/darkplaces-0~20180908~beta1/prvm_edict.c:1167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1226:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed = PRVM_EDICT_NUM(atoi(Cmd_Argv(2)));
data/darkplaces-0~20180908~beta1/prvm_edict.c:1248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[256];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decodedbuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1790:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisstr.key, decodedbuf, decodedpos + 1);
data/darkplaces-0~20180908~beta1/prvm_edict.c:1795:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisstr.value, decodedbuf, decodedpos + 1);
data/darkplaces-0~20180908~beta1/prvm_edict.c:1799:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(po->hashtable[hashindex], &thisstr, sizeof(thisstr));
data/darkplaces-0~20180908~beta1/prvm_edict.c:1865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( prog->statement_linenums, header + 6, prog->progs_numstatements * sizeof( int ) );
data/darkplaces-0~20180908~beta1/prvm_edict.c:1905:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( prog->statement_columnnums, header + 6 + prog->progs_numstatements, prog->progs_numstatements * sizeof( int ) );
data/darkplaces-0~20180908~beta1/prvm_edict.c:1940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:1941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf2[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2002:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prog->strings, instrings, prog->progs_numstrings);
data/darkplaces-0~20180908~beta1/prvm_edict.c:2035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prog->functions[i].parm_size, infunctions[i].parm_size, sizeof(infunctions[i].parm_size));
data/darkplaces-0~20180908~beta1/prvm_edict.c:2320:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstring[MAX_INPUTLINE], tempstring2[260];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char break_statement[256];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char watch_global[256];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char watch_field[256];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2714:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf_o[128];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2715:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf_n[128];
data/darkplaces-0~20180908~beta1/prvm_edict.c:2720:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o, n, sz);
data/darkplaces-0~20180908~beta1/prvm_edict.c:2733:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prog->break_statement = atoi(debug->break_statement);
data/darkplaces-0~20180908~beta1/prvm_edict.c:2770:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prog->watch_global_value, PRVM_GLOBALFIELDVALUE(prog->watch_global), sz);
data/darkplaces-0~20180908~beta1/prvm_edict.c:2793:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prog->watch_edictfield_value, PRVM_EDICTFIELDVALUE(PRVM_EDICT_NUM(prog->watch_edict), prog->watch_field), sz);
data/darkplaces-0~20180908~beta1/prvm_edict.c:2886:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug->watch_edict = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings, oldstrings, prog->numknownstrings * sizeof(char *));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3060:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings_freeable, oldstrings_freeable, prog->numknownstrings * sizeof(unsigned char));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3062:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings_origin, oldstrings_origin, prog->numknownstrings * sizeof(char *));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3108:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prog->tempstringsbuf.data, old.data, old.cursize);
data/darkplaces-0~20180908~beta1/prvm_edict.c:3114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, size);
data/darkplaces-0~20180908~beta1/prvm_edict.c:3145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings, oldstrings, prog->numknownstrings * sizeof(char *));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings_freeable, oldstrings_freeable, prog->numknownstrings * sizeof(unsigned char));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3148:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char **)prog->knownstrings_origin, oldstrings_origin, prog->numknownstrings * sizeof(char *));
data/darkplaces-0~20180908~beta1/prvm_edict.c:3227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_edict.c:3228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf2[1024];
data/darkplaces-0~20180908~beta1/prvm_exec.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuebuf[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/prvm_exec.c:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_exec.c:470:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
howmany = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/prvm_exec.c:496:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
howmany = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/prvm_exec.c:535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/prvm_exec.c:708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[128];
data/darkplaces-0~20180908~beta1/prvm_exec.c:714:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[128];
data/darkplaces-0~20180908~beta1/quakedef.h:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char engineversion[128];
data/darkplaces-0~20180908~beta1/r_explosion.c:66:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char noise1[128][128], noise2[128][128], noise3[128][128], data[128][128][4];
data/darkplaces-0~20180908~beta1/r_explosion.c:167:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char noise[EXPLOSIONGRID*EXPLOSIONGRID];
data/darkplaces-0~20180908~beta1/r_shadow.c:130:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_shadow_mapname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/r_shadow.c:1190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixels[32][32][4];
data/darkplaces-0~20180908~beta1/r_shadow.c:1428:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[4*6] =
data/darkplaces-0~20180908~beta1/r_shadow.c:2523:71: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
R_UpdateTexture(r_shadow_bouncegrid_state.texture, (const unsigned char *)pixelsrgba16f, 0, 0, 0, resolution[0], resolution[1], resolution[2]*pixelbands);
data/darkplaces-0~20180908~beta1/r_shadow.c:2532:71: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
R_UpdateTexture(r_shadow_bouncegrid_state.texture, (const unsigned char *)pixelsrgba32f, 0, 0, 0, resolution[0], resolution[1], resolution[2]*pixelbands);
data/darkplaces-0~20180908~beta1/r_shadow.c:3044:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtlight->static_surfacelist, r_shadow_buffer_surfacelist, rtlight->static_numsurfaces * sizeof(*rtlight->static_surfacelist));
data/darkplaces-0~20180908~beta1/r_shadow.c:3046:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtlight->static_leaflist, r_shadow_buffer_leaflist, rtlight->static_numleafs * sizeof(*rtlight->static_leaflist));
data/darkplaces-0~20180908~beta1/r_shadow.c:3048:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtlight->static_leafpvs, r_shadow_buffer_leafpvs, rtlight->static_numleafpvsbytes);
data/darkplaces-0~20180908~beta1/r_shadow.c:3050:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtlight->static_shadowtrispvs, r_shadow_buffer_shadowtrispvs, rtlight->static_numshadowtrispvsbytes);
data/darkplaces-0~20180908~beta1/r_shadow.c:3052:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtlight->static_lighttrispvs, r_shadow_buffer_lighttrispvs, rtlight->static_numlighttrispvsbytes);
data/darkplaces-0~20180908~beta1/r_shadow.c:3691:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char entitysides[MAX_EDICTS];
data/darkplaces-0~20180908~beta1/r_shadow.c:3692:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char entitysides_noselfshadow[MAX_EDICTS];
data/darkplaces-0~20180908~beta1/r_shadow.c:4842:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempchar, *lightsstring, *s, *t, name[MAX_QPATH], cubemapname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/r_shadow.c:4948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/r_shadow.c:4949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/r_shadow.c:4981:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, oldbuf, bufchars);
data/darkplaces-0~20180908~beta1/r_shadow.c:4987:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufchars, line, strlen(line));
data/darkplaces-0~20180908~beta1/r_shadow.c:5000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempchar, *lightsstring, *s, *t, name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/r_shadow.c:5061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256], value[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/r_shadow.c:5062:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/r_shadow.c:5131:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(value);
data/darkplaces-0~20180908~beta1/r_shadow.c:5213:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style = atoi(value);
data/darkplaces-0~20180908~beta1/r_shadow.c:5375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cubemapname[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/r_shadow.c:5586:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style = atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/r_shadow.c:5607:88: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shadows = Cmd_Argv(2)[0] == 'y' || Cmd_Argv(2)[0] == 'Y' || Cmd_Argv(2)[0] == 't' || atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/r_shadow.c:5661:91: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
normalmode = Cmd_Argv(2)[0] == 'y' || Cmd_Argv(2)[0] == 'Y' || Cmd_Argv(2)[0] == 't' || atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/r_shadow.c:5670:93: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
realtimemode = Cmd_Argv(2)[0] == 'y' || Cmd_Argv(2)[0] == 'Y' || Cmd_Argv(2)[0] == 't' || atoi(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/r_shadow.c:5728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/darkplaces-0~20180908~beta1/r_sky.c:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char skyname[MAX_QPATH];
data/darkplaces-0~20180908~beta1/r_sky.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/r_sky.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/render.h:607:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pvsbits[(MAX_MAP_LEAFS+7)>>3]; // FIXME: buffer overflow on huge maps
data/darkplaces-0~20180908~beta1/sbar.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:429:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32], *ptr;
data/darkplaces-0~20180908~beta1/sbar.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32], *ptr;
data/darkplaces-0~20180908~beta1/sbar.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80], timestr[40];
data/darkplaces-0~20180908~beta1/sbar.c:652:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/darkplaces-0~20180908~beta1/sbar.c:741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:770:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[6];
data/darkplaces-0~20180908~beta1/sbar.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[12];
data/darkplaces-0~20180908~beta1/sbar.c:975:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[12];
data/darkplaces-0~20180908~beta1/sbar.c:1098:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soundstring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1099:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fpsstring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timedemostring1[32];
data/darkplaces-0~20180908~beta1/sbar.c:1103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timedemostring2[32];
data/darkplaces-0~20180908~beta1/sbar.c:1104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speedstring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blurstring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topspeedstring[48];
data/darkplaces-0~20180908~beta1/sbar.c:1107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texstring[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sbar.c:1108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entstring[32];
data/darkplaces-0~20180908~beta1/sbar.c:1371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:1797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sbar.c:1865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/server.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverinfo[MAX_SERVERINFO_STRING];
data/darkplaces-0~20180908~beta1/server.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csqc_progname[MAX_QPATH]; // copied from csqc_progname at level start
data/darkplaces-0~20180908~beta1/server.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; // %s followed by entrance name
data/darkplaces-0~20180908~beta1/server.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldmessage[40]; // map title (not related to filename)
data/darkplaces-0~20180908~beta1/server.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldbasename[MAX_QPATH]; // %s
data/darkplaces-0~20180908~beta1/server.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldname[MAX_QPATH]; // maps/%s.bsp
data/darkplaces-0~20180908~beta1/server.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worldnamenoextension[MAX_QPATH]; // maps/%s
data/darkplaces-0~20180908~beta1/server.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_precache[MAX_MODELS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sound_precache[MAX_SOUNDS][MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lightstyles[MAX_LIGHTSTYLES][64];
data/darkplaces-0~20180908~beta1/server.h:128:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char datagram_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/server.h:132:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reliable_datagram_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/server.h:136:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signon_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/server.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char particleeffectname[MAX_PARTICLEEFFECTNAME][MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:157:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char writeentitiestoclient_pvs[MAX_MAP_LEAFS/8];
data/darkplaces-0~20180908~beta1/server.h:170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char csqcentityversion[MAX_EDICTS]; // legacy
data/darkplaces-0~20180908~beta1/server.h:218:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char movement_count[NETGRAPH_PACKETS];
data/darkplaces-0~20180908~beta1/server.h:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_SCOREBOARDNAME], old_name[MAX_SCOREBOARDNAME];
data/darkplaces-0~20180908~beta1/server.h:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char playermodel[MAX_QPATH], old_model[MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char playerskin[MAX_QPATH], old_skin[MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netaddress[MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:261:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char csqcentityscope[MAX_EDICTS];
data/darkplaces-0~20180908~beta1/server.h:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weaponmodel[MAX_QPATH];
data/darkplaces-0~20180908~beta1/server.h:287:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char statsdeltabits[(MAX_CL_STATS+7)/8];
data/darkplaces-0~20180908~beta1/server.h:290:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unreliablemsg_data[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/server.h:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char download_name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/snd_main.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name [MAX_QPATH];
data/darkplaces-0~20180908~beta1/snd_main.c:559:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_fmt.channels = atoi (env);
data/darkplaces-0~20180908~beta1/snd_main.c:572:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_fmt.speed = atoi (env);
data/darkplaces-0~20180908~beta1/snd_main.c:585:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_fmt.width = atoi (env) / 8;
data/darkplaces-0~20180908~beta1/snd_main.c:615:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_fmt.speed = atoi (com_argv[i + 1]);
data/darkplaces-0~20180908~beta1/snd_main.c:622:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_fmt.width = atoi (com_argv[i + 1]) / 8;
data/darkplaces-0~20180908~beta1/snd_main.c:1002:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int soundindex = atoi(name + 1);
data/darkplaces-0~20180908~beta1/snd_main.c:1301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/snd_main.c:1941:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ambientlevels[NUM_AMBIENTS];
data/darkplaces-0~20180908~beta1/snd_main.h:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char samples[4]; // variable sized
data/darkplaces-0~20180908~beta1/snd_main.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/snd_mem.c:149:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_data, samples, srclength * format->width);
data/darkplaces-0~20180908~beta1/snd_mem.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuffer[MAX_QPATH + 16];
data/darkplaces-0~20180908~beta1/snd_mem.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (namebuffer + len - 3, "ogg", 4);
data/darkplaces-0~20180908~beta1/snd_mem.c:358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (namebuffer + len - 3, "ogg", 4);
data/darkplaces-0~20180908~beta1/snd_ogg.c:110:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[282];
data/darkplaces-0~20180908~beta1/snd_ogg.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, ov_decode->buffer + ov_decode->ind, len);
data/darkplaces-0~20180908~beta1/snd_ogg.c:412:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[STREAM_BUFFERSIZE*4];
data/darkplaces-0~20180908~beta1/snd_oss.c:64:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(suggested, requested, sizeof(*suggested));
data/darkplaces-0~20180908~beta1/snd_oss.c:76:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
audio_fd = open("/dev/dsp", O_WRONLY);
data/darkplaces-0~20180908~beta1/snd_oss.c:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(suggested, requested, sizeof(*suggested));
data/darkplaces-0~20180908~beta1/snd_oss.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(suggested, requested, sizeof(*suggested));
data/darkplaces-0~20180908~beta1/snd_oss.c:157:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(suggested, requested, sizeof(*suggested));
data/darkplaces-0~20180908~beta1/snd_sdl.c:67:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream, &snd_renderbuffer->ring[StartOffset * factor], PartialLength1);
data/darkplaces-0~20180908~beta1/snd_sdl.c:70:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stream[PartialLength1], &snd_renderbuffer->ring[0], PartialLength2);
data/darkplaces-0~20180908~beta1/snd_sdl.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream, &snd_renderbuffer->ring[StartOffset * factor], FrameCount * factor);
data/darkplaces-0~20180908~beta1/snd_wav.c:330:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outb, inb, len);
data/darkplaces-0~20180908~beta1/spritegn.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64]; // name of pcx file
data/darkplaces-0~20180908~beta1/sv_demo.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sv_demo.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[64];
data/darkplaces-0~20180908~beta1/sv_demo.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufdata[MAX_SCOREBOARDNAME + 64];
data/darkplaces-0~20180908~beta1/sv_main.c:211:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *standardeffectnames[EFFECT_TOTAL] =
data/darkplaces-0~20180908~beta1/sv_main.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sv_main.c:884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[128];
data/darkplaces-0~20180908~beta1/sv_main.c:885:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sv_main.c:944:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char demofile[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/sv_main.c:945:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddress[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sv_main.c:972:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/sv_main.c:1083:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client->spawn_parms, backupparms, sizeof(backupparms));
data/darkplaces-0~20180908~beta1/sv_main.c:2325:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char sv_sendclientdatagram_buf[NET_MAXMESSAGE];
data/darkplaces-0~20180908~beta1/sv_main.c:2457:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1400];
data/darkplaces-0~20180908~beta1/sv_main.c:2743:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extensions[MAX_QPATH]; // make sure this can hold all extensions
data/darkplaces-0~20180908~beta1/sv_main.c:2896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sv_main.c:2959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sv_main.c:3013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argv[16][1024];
data/darkplaces-0~20180908~beta1/sv_main.c:3014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/sv_main.c:3279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelname[sizeof(sv.worldname)];
data/darkplaces-0~20180908~beta1/sv_main.c:3280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/sv_main.c:3414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/darkplaces-0~20180908~beta1/sv_main.c:3936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:776:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char checkpvs[MAX_MAP_LEAFS/8];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:890:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fatpvs[MAX_MAP_LEAFS/8];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:1650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[17];
data/darkplaces-0~20180908~beta1/svvm_cmds.c:1774:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->fields.fp, in->fields.fp, prog->entityfields * sizeof(prvm_vec_t));
data/darkplaces-0~20180908~beta1/svvm_cmds.c:2724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[VM_STRINGTEMP_LENGTH];
data/darkplaces-0~20180908~beta1/sys_linux.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_linux.c:81:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_sdl.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_sdl.c:113:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_shared.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sys_timestring[128];
data/darkplaces-0~20180908~beta1/sys_shared.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/sys_shared.c:178:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/sys_shared.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_shared.c:497:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exenamebuf[MAX_OSPATH+1];
data/darkplaces-0~20180908~beta1/sys_win.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_win.c:125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/sys_win.c:260:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define atoi _atoi64
data/darkplaces-0~20180908~beta1/sys_win.c:266:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hFile = (HANDLE)atoi (com_argv[t+1]);
data/darkplaces-0~20180908~beta1/sys_win.c:272:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
heventParent = (HANDLE)atoi (com_argv[t+1]);
data/darkplaces-0~20180908~beta1/sys_win.c:278:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
heventChild = (HANDLE)atoi (com_argv[t+1]);
data/darkplaces-0~20180908~beta1/sys_win.c:304:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[MAX_NUM_ARGVS];
data/darkplaces-0~20180908~beta1/sys_win.c:305:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char program_name[MAX_OSPATH];
data/darkplaces-0~20180908~beta1/utf8lib.c:23:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char utf8_lengths[256] = { // 0 = invalid
data/darkplaces-0~20180908~beta1/vid.h:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char button[MAXJOYBUTTON]; // 0 or 1
data/darkplaces-0~20180908~beta1/vid.h:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char gl_driver[256];
data/darkplaces-0~20180908~beta1/vid_shared.c:194:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gl_driver[256];
data/darkplaces-0~20180908~beta1/vid_shared.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extstr[MAX_INPUTLINE];
data/darkplaces-0~20180908~beta1/vid_shared.c:687:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char missingfuncs[16384];
data/darkplaces-0~20180908~beta1/vid_shared.c:1358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/vid_shared.c:1458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[1024];
data/darkplaces-0~20180908~beta1/vid_shared.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf2[1024];
data/darkplaces-0~20180908~beta1/vid_shared.c:1513:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(com_argv[i+1]);
data/darkplaces-0~20180908~beta1/vid_shared.c:1516:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(com_argv[i+1]);
data/darkplaces-0~20180908~beta1/wad.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clean[16];
data/darkplaces-0~20180908~beta1/wad.c:230:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char name[16];
data/darkplaces-0~20180908~beta1/wad.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texname[17];
data/darkplaces-0~20180908~beta1/wad.h:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[4]; // variably sized
data/darkplaces-0~20180908~beta1/wad.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identification[4]; // should be WAD2 or 2DAW
data/darkplaces-0~20180908~beta1/wad.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; // must be null terminated
data/darkplaces-0~20180908~beta1/world.c:2445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(planesData, planes, numplanes*sizeof(dReal)*4);
data/darkplaces-0~20180908~beta1/world.c:2454:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(polygonsData, polygons, polyvert*sizeof(int));
data/darkplaces-0~20180908~beta1/world.c:2647:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ed->priv.server->ode_massbuf, &mass, sizeof(dMass));
data/darkplaces-0~20180908~beta1/world.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_QPATH];
data/darkplaces-0~20180908~beta1/zone.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[MEMCLUMPSIZE];
data/darkplaces-0~20180908~beta1/zone.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vabuf[MAX_OSPATH + 1];
data/darkplaces-0~20180908~beta1/zone.c:123:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(vabuf);
data/darkplaces-0~20180908~beta1/zone.c:422:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *) mem + sizeof(memheader_t) + mem->size, &sentinel2, sizeof(sentinel2));
data/darkplaces-0~20180908~beta1/zone.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)((unsigned char *) mem + sizeof(memheader_t)), olddata, sharedsize);
data/darkplaces-0~20180908~beta1/zone.c:717:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->arrays, oldarrays, l->numarrays * sizeof(*l->arrays));
data/darkplaces-0~20180908~beta1/zone.c:857:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Mem_PrintList(atoi(Cmd_Argv(1)) * 1024);
data/darkplaces-0~20180908~beta1/zone.c:894:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static union {unsigned short s;unsigned char b[2];} u;
data/darkplaces-0~20180908~beta1/zone.c:960:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("/proc/meminfo", "r");
data/darkplaces-0~20180908~beta1/zone.c:963:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/darkplaces-0~20180908~beta1/zone.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[POOLNAMESIZE];
data/darkplaces-0~20180908~beta1/cap_avi.c:95:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format->riffbuffer.cursize + (int)strlen(chunkfourcc) > format->riffbuffer.maxsize)
data/darkplaces-0~20180908~beta1/cap_avi.c:103:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format->riffbuffer.cursize + (int)strlen(string) > format->riffbuffer.maxsize)
data/darkplaces-0~20180908~beta1/cap_avi.c:521:170: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SCR_CaptureVideo_RIFF_Push("RIFF", "AVI ", format->canseek ? -1 : 12+(8+56+12+(12+52+8+40+8+68)+(cls.capturevideo.soundrate?(12+12+52+8+18):0)+12+(8+4))+12+(8+(((int) strlen(engineversion) | 1) + 1))+12);
data/darkplaces-0~20180908~beta1/cap_avi.c:686:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SCR_CaptureVideo_RIFF_Push("LIST", "INFO", 8+((strlen(engineversion) | 1) + 1));
data/darkplaces-0~20180908~beta1/cap_avi.c:687:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SCR_CaptureVideo_RIFF_Push("ISFT", NULL, strlen(engineversion) + 1);
data/darkplaces-0~20180908~beta1/cap_avi.c:697:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = min(x, (int)strlen(junkfiller));
data/darkplaces-0~20180908~beta1/cd_shared.c:130:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(tryreal && strspn(trackname, "0123456789") == strlen(trackname))
data/darkplaces-0~20180908~beta1/cd_shared.c:139:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(tryreal && strspn(trackname, "0123456789") == strlen(trackname))
data/darkplaces-0~20180908~beta1/cl_main.c:2112:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = (int)strlen(name);
data/darkplaces-0~20180908~beta1/cl_parse.c:404:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (key[strlen(key)-1] == ' ') // remove trailing spaces
data/darkplaces-0~20180908~beta1/cl_parse.c:405:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key[strlen(key)-1] = 0;
data/darkplaces-0~20180908~beta1/cl_parse.c:461:4: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(value, "%f %f %f %f %f %f %f %f %f %63s", &r_refdef.fog_density, &r_refdef.fog_red, &r_refdef.fog_green, &r_refdef.fog_blue, &r_refdef.fog_alpha, &r_refdef.fog_start, &r_refdef.fog_end, &r_refdef.fog_height, &r_refdef.fog_fadedepth, r_refdef.fog_height_texturename);
data/darkplaces-0~20180908~beta1/cl_parse.c:833:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= MAX_QPATH)
data/darkplaces-0~20180908~beta1/cl_parse.c:834:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Host_Error("Server sent a precache name of %i characters (max %i)", (int)strlen(str), MAX_QPATH - 1);
data/darkplaces-0~20180908~beta1/cl_parse.c:868:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= MAX_QPATH)
data/darkplaces-0~20180908~beta1/cl_parse.c:869:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Host_Error("Server sent a precache name of %i characters (max %i)", (int)strlen(str), MAX_QPATH - 1);
data/darkplaces-0~20180908~beta1/cl_parse.c:1842:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= MAX_QPATH)
data/darkplaces-0~20180908~beta1/cl_parse.c:1843:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Host_Error ("Server sent a precache name of %i characters (max %i)", (int)strlen(str), MAX_QPATH - 1);
data/darkplaces-0~20180908~beta1/cl_parse.c:1854:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= MAX_QPATH)
data/darkplaces-0~20180908~beta1/cl_parse.c:1855:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Host_Error("Server sent a precache name of %i characters (max %i)", (int)strlen(str), MAX_QPATH - 1);
data/darkplaces-0~20180908~beta1/cl_parse.c:3027:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz_address = strlen(address) + 1;
data/darkplaces-0~20180908~beta1/cl_parse.c:3028:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz_name = strlen(name) + 1;
data/darkplaces-0~20180908~beta1/cl_parse.c:3131:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cl_iplog_items[i].address) < 15)
data/darkplaces-0~20180908~beta1/cl_parse.c:3488:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
description[strlen(description)-1] = '\n'; // replace the last space with a newline
data/darkplaces-0~20180908~beta1/cl_parse.c:3558:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl.lightstyle[i].length = (int)strlen(cl.lightstyle[i].map);
data/darkplaces-0~20180908~beta1/cl_parse.c:3849:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
description[strlen(description)-1] = '\n'; // replace the last space with a newline
data/darkplaces-0~20180908~beta1/cl_parse.c:3980:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl.lightstyle[i].length = (int)strlen(cl.lightstyle[i].map);
data/darkplaces-0~20180908~beta1/cl_screen.c:212:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = newline ? (newline - start) : (int)strlen(start);
data/darkplaces-0~20180908~beta1/cl_screen.c:528:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(temp);
data/darkplaces-0~20180908~beta1/cl_screen.c:546:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(scr_infobarstring);
data/darkplaces-0~20180908~beta1/cl_screen.c:580:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(addinfo);
data/darkplaces-0~20180908~beta1/cl_screen.c:594:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(temp);
data/darkplaces-0~20180908~beta1/cl_screen.c:1042:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (string[strlen(string)-1] == '\n')
data/darkplaces-0~20180908~beta1/cl_screen.c:1043:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string[strlen(string)-1] = 0;
data/darkplaces-0~20180908~beta1/cl_screen.c:1491:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlcpy(filename + strlen(filename) - 3, "tga", 4);
data/darkplaces-0~20180908~beta1/cl_screen.c:2369:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s->msg);
data/darkplaces-0~20180908~beta1/cl_screen.c:2380:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s->msg);
data/darkplaces-0~20180908~beta1/cl_video.c:185:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
video->subtitle_text[numsubs] = (char *) Mem_Alloc(cls.permanentmempool, strlen(com_token) + 1);
data/darkplaces-0~20180908~beta1/cl_video.c:186:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(video->subtitle_text[numsubs], com_token, strlen(com_token) + 1);
data/darkplaces-0~20180908~beta1/cl_video.c:572:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
COM_Wordwrap(video->subtitle_text[i], strlen(video->subtitle_text[i]), 0, si.width, CL_DrawVideo_WordWidthFunc, &si, CL_DrawVideo_DisplaySubtitleLine, &si);
data/darkplaces-0~20180908~beta1/cl_video_jamdecode.c:148:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(filename) + 10;
data/darkplaces-0~20180908~beta1/cl_video_libavw.c:349:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename) + 10;
data/darkplaces-0~20180908~beta1/clvm_cmds.c:584:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl.lightstyle[i].length = (int)strlen(cl.lightstyle[i].map);
data/darkplaces-0~20180908~beta1/clvm_cmds.c:1632:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(PRVM_G_STRING(OFS_PARM0)) + 1;
data/darkplaces-0~20180908~beta1/cmd.c:100:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(value);
data/darkplaces-0~20180908~beta1/cmd.c:145:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (unsigned int)strlen(msg);
data/darkplaces-0~20180908~beta1/cmd.c:191:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(text);
data/darkplaces-0~20180908~beta1/cmd.c:213:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(text);
data/darkplaces-0~20180908~beta1/cmd.c:428:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (com_argv[i] && com_argv[i][0] == '+' && (com_argv[i][1] < '0' || com_argv[i][1] > '9') && l + strlen(com_argv[i]) - 1 <= sizeof(build) - 1)
data/darkplaces-0~20180908~beta1/cmd.c:440:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l + strlen(com_argv[i]) + 4 > sizeof(build) - 1)
data/darkplaces-0~20180908~beta1/cmd.c:463:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filenameLen = strlen(filename);
data/darkplaces-0~20180908~beta1/cmd.c:851:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= MAX_ALIAS_NAME)
data/darkplaces-0~20180908~beta1/cmd.c:896:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen (cmd) + 1;
data/darkplaces-0~20180908~beta1/cmd.c:999:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(varname[strlen(varname) - 1] == '-')
data/darkplaces-0~20180908~beta1/cmd.c:1002:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(endptr == varname + strlen(varname) - 1)
data/darkplaces-0~20180908~beta1/cmd.c:1139:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p)); // with final NUL
data/darkplaces-0~20180908~beta1/cmd.c:1145:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p)); // with final NUL
data/darkplaces-0~20180908~beta1/cmd.c:1150:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p)); // with final NUL
data/darkplaces-0~20180908~beta1/cmd.c:1382:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1614:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(com_token) + 1;
data/darkplaces-0~20180908~beta1/cmd.c:1716:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1745:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1775:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1790:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1811:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1828:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1853:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:1883:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cmd.c:2111:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write(&cls.netcon->message, (unsigned char *)temp, (int)strlen(temp));
data/darkplaces-0~20180908~beta1/cmd.c:2121:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write(&cls.netcon->message, (const unsigned char *)s, (int)strlen(s) + 1);
data/darkplaces-0~20180908~beta1/common.c:326:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write (sb, (unsigned char *)s, (int)strlen(s)+1);
data/darkplaces-0~20180908~beta1/common.c:332:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write (sb, (unsigned char *)s, (int)strlen(s));
data/darkplaces-0~20180908~beta1/common.c:1801:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commentprefixlength = (int)strlen(commentprefix);
data/darkplaces-0~20180908~beta1/common.c:2014:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylength = strlen(key);
data/darkplaces-0~20180908~beta1/common.c:2066:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylength = strlen(key);
data/darkplaces-0~20180908~beta1/common.c:2101:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufferlength <= pos + 1 + strlen(key) + 1 + strlen(value) + strlen(buffer + pos2))
data/darkplaces-0~20180908~beta1/common.c:2101:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufferlength <= pos + 1 + strlen(key) + 1 + strlen(value) + strlen(buffer + pos2))
data/darkplaces-0~20180908~beta1/common.c:2101:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufferlength <= pos + 1 + strlen(key) + 1 + strlen(value) + strlen(buffer + pos2))
data/darkplaces-0~20180908~beta1/common.c:2189:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(dlen + strlen(s));
data/darkplaces-0~20180908~beta1/common.h:241:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#undef strncat
data/darkplaces-0~20180908~beta1/common.h:242:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define strncat DO_NOT_USE_STRNCAT__USE_STRLCAT_OR_MEMCPY
data/darkplaces-0~20180908~beta1/common.h:245:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#undef strncpy
data/darkplaces-0~20180908~beta1/common.h:246:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy DO_NOT_USE_STRNCPY__USE_STRLCPY_OR_MEMCPY
data/darkplaces-0~20180908~beta1/console.c:592:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (msg);
data/darkplaces-0~20180908~beta1/console.c:627:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(msg);
data/darkplaces-0~20180908~beta1/console.c:717:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chat_bufferlen = (unsigned int)strlen(chat_buffer);
data/darkplaces-0~20180908~beta1/console.c:734:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chat_bufferlen = (unsigned int)strlen(chat_buffer);
data/darkplaces-0~20180908~beta1/console.c:749:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chat_bufferlen = (unsigned int)strlen(chat_buffer);
data/darkplaces-0~20180908~beta1/console.c:823:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FS_Write(file, sanitizedmsg, strlen(sanitizedmsg));
data/darkplaces-0~20180908~beta1/console.c:1223:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p+1, q, strlen(q)+1);
data/darkplaces-0~20180908~beta1/console.c:1526:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = (int)strlen(text);
data/darkplaces-0~20180908~beta1/console.c:1650:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = (int) DrawQ_String(x, ti->y, ti->continuationString, strlen(ti->continuationString), ti->fontsize, ti->fontsize, 1.0, 1.0, 1.0, 1.0, 0, NULL, false, ti->font);
data/darkplaces-0~20180908~beta1/console.c:1681:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(continuationString);
data/darkplaces-0~20180908~beta1/console.c:2101:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int)strlen(t->filenames[i]);
data/darkplaces-0~20180908~beta1/console.c:2110:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o = (int)strlen(s);
data/darkplaces-0~20180908~beta1/console.c:2177:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(entfilename + strlen(entfilename) - 4, ".ent", 5);
data/darkplaces-0~20180908~beta1/console.c:2260:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(*walk);
data/darkplaces-0~20180908~beta1/console.c:2268:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(*list);
data/darkplaces-0~20180908~beta1/console.c:2451:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (unsigned int)strlen(Nicks_sanlist[0]) - 1;
data/darkplaces-0~20180908~beta1/console.c:2454:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (unsigned int)strlen(Nicks_sanlist[i]) - 1;
data/darkplaces-0~20180908~beta1/console.c:2493:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (unsigned int)strlen(Nicks_sanlist[0]);
data/darkplaces-0~20180908~beta1/console.c:2536:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(Nicks_strcleanlen(Nicks_sanlist[0]) < strlen(tempstr))
data/darkplaces-0~20180908~beta1/console.c:2551:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (unsigned int)strlen(Nicks_sanlist[0]);
data/darkplaces-0~20180908~beta1/console.c:2592:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(Nicks_strcleanlen(Nicks_sanlist[0]) < strlen(tempstr))
data/darkplaces-0~20180908~beta1/console.c:2703:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = min(size - Nicks_matchpos - 3, strlen(msg));
data/darkplaces-0~20180908~beta1/console.c:2720:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)min(size - Nicks_matchpos, strlen(msg));
data/darkplaces-0~20180908~beta1/console.c:2782:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos += (int)strlen(t) - (int)strlen(s);
data/darkplaces-0~20180908~beta1/console.c:2782:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos += (int)strlen(t) - (int)strlen(s);
data/darkplaces-0~20180908~beta1/console.c:2790:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(key_linepos > (int) strlen(key_line))
data/darkplaces-0~20180908~beta1/console.c:2791:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int) strlen(key_line);
data/darkplaces-0~20180908~beta1/console.c:2845:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(search->filenames[i], s, strlen(s)))
data/darkplaces-0~20180908~beta1/console.c:2867:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(search->filenames[i], s, strlen(s)))
data/darkplaces-0~20180908~beta1/console.c:2922:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos += (int)strlen(t) - (int)strlen(s);
data/darkplaces-0~20180908~beta1/console.c:2922:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos += (int)strlen(t) - (int)strlen(s);
data/darkplaces-0~20180908~beta1/console.c:2930:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(key_linepos > (int) strlen(key_line))
data/darkplaces-0~20180908~beta1/console.c:2931:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int) strlen(key_line);
data/darkplaces-0~20180908~beta1/console.c:2983:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cmd_len = (int)strlen(s);;cmd_len++)
data/darkplaces-0~20180908~beta1/console.c:3014:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_len = (int)strlen(Nicks_list[0]);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:166:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umask_save | 0077);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:168:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umask_save);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:298:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask_save = umask(0022);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:352:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixlen = strlen(prefix);
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:384:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guesscount /= (1 - pow(1 - pow(1/64.0, strlen(infix)), 44 - prefixlen - strlen(infix)));
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:384:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guesscount /= (1 - pow(1 - pow(1/64.0, strlen(infix)), 44 - prefixlen - strlen(infix)));
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:727:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2size = strlen(hexbuf) / 2;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:746:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2size = strlen(hexbuf) / 2;
data/darkplaces-0~20180908~beta1/crypto-keygen-standalone.c:755:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2size = strlen(hexbuf) / 2;
data/darkplaces-0~20180908~beta1/crypto.c:406:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str);
data/darkplaces-0~20180908~beta1/crypto.c:618:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *) buf, strlen(buf)) % CRYPTO_HOSTKEY_HASHSIZE;
data/darkplaces-0~20180908~beta1/crypto.c:701:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *) buf, strlen(buf)) % CRYPTO_HOSTKEY_HASHSIZE;
data/darkplaces-0~20180908~beta1/crypto.c:741:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *) buf, strlen(buf)) % CRYPTO_HOSTKEY_HASHSIZE;
data/darkplaces-0~20180908~beta1/crypto.c:1339:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2pos = strlen(Cmd_Argv(2));
data/darkplaces-0~20180908~beta1/crypto.c:1712:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len_out = strlen(data_out);
data/darkplaces-0~20180908~beta1/crypto.c:2094:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len_out = strlen(data_out);
data/darkplaces-0~20180908~beta1/csprogs.c:594:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/darkplaces-0~20180908~beta1/csprogs.c:656:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(msg)-1;
data/darkplaces-0~20180908~beta1/csprogs.c:659:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cl.csqc_printtextbuf)+i >= MAX_INPUTLINE)
data/darkplaces-0~20180908~beta1/cvar.c:41:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *)var_name, strlen(var_name)) % CVAR_HASHSIZE;
data/darkplaces-0~20180908~beta1/cvar.c:79:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *)var_name, strlen(var_name));
data/darkplaces-0~20180908~beta1/cvar.c:184:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cvar.c:213:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cvar.c:243:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/cvar.c:258:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(partial);
data/darkplaces-0~20180908~beta1/cvar.c:350:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valuelen = strlen(value);
data/darkplaces-0~20180908~beta1/cvar.c:351:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!var->string || strlen(var->string) != valuelen)
data/darkplaces-0~20180908~beta1/cvar.c:549:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(variable->string) + 1;
data/darkplaces-0~20180908~beta1/cvar.c:573:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *)variable->name, strlen(variable->name)) % CVAR_HASHSIZE;
data/darkplaces-0~20180908~beta1/cvar.c:658:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *)cvar->name, strlen(cvar->name)) % CVAR_HASHSIZE;
data/darkplaces-0~20180908~beta1/cvar.c:726:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(var->string) + 1;
data/darkplaces-0~20180908~beta1/cvar.c:799:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *)c->name, strlen(c->name)) % CVAR_HASHSIZE;
data/darkplaces-0~20180908~beta1/cvar.c:897:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/dpvsimpledecode.c:373:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(filename) + 10;
data/darkplaces-0~20180908~beta1/filematch.c:114:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen = strlen(text) + 1;
data/darkplaces-0~20180908~beta1/fs.c:70:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define read _read
data/darkplaces-0~20180908~beta1/fs.c:99:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define FILEDESC_READ read
data/darkplaces-0~20180908~beta1/fs.c:1202:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(pak->shortname);
data/darkplaces-0~20180908~beta1/fs.c:1206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(pak->filename);
data/darkplaces-0~20180908~beta1/fs.c:1283:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FS_AddPack_Fullpath(list.strings[i], list.strings[i] + strlen(dir), NULL, false);
data/darkplaces-0~20180908~beta1/fs.c:1292:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FS_AddPack_Fullpath(list.strings[i], list.strings[i] + strlen(dir), NULL, false);
data/darkplaces-0~20180908~beta1/fs.c:1777:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(com_token) + 1; // shut up clang
data/darkplaces-0~20180908~beta1/fs.c:2031:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen (fs_basedir);
data/darkplaces-0~20180908~beta1/fs.c:2077:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fs_basedir[0] && fs_basedir[strlen(fs_basedir) - 1] != '/' && fs_basedir[strlen(fs_basedir) - 1] != '\\')
data/darkplaces-0~20180908~beta1/fs.c:2077:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fs_basedir[0] && fs_basedir[strlen(fs_basedir) - 1] != '/' && fs_basedir[strlen(fs_basedir) - 1] != '\\')
data/darkplaces-0~20180908~beta1/fs.c:2484:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isgamedir && path[strlen(path)-1] == '/')
data/darkplaces-0~20180908~beta1/fs.c:3073:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)FS_Write (file, msg, strlen (msg));
data/darkplaces-0~20180908~beta1/fs.c:3457:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src = path + strlen(path);
data/darkplaces-0~20180908~beta1/fs.c:3669:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextseparator = start + strlen( start );
data/darkplaces-0~20180908~beta1/fs.c:3735:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numchars += (int)strlen(resultlist.strings[resultlistindex]) + 1;
data/darkplaces-0~20180908~beta1/fs.c:3746:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen = strlen(resultlist.strings[resultlistindex]) + 1;
data/darkplaces-0~20180908~beta1/fs.c:3789:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(search->filenames[i]);
data/darkplaces-0~20180908~beta1/ft2.c:647:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name);
data/darkplaces-0~20180908~beta1/gl_draw.c:101:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crc = CRC_Block((unsigned char *)path, strlen(path));
data/darkplaces-0~20180908~beta1/gl_draw.c:257:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crc = CRC_Block((unsigned char *)picname, strlen(picname));
data/darkplaces-0~20180908~beta1/gl_draw.c:311:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crc = CRC_Block((unsigned char *)picname, strlen(picname));
data/darkplaces-0~20180908~beta1/gl_rmain.c:981:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(t);
data/darkplaces-0~20180908~beta1/gl_rmain.c:987:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t);
data/darkplaces-0~20180908~beta1/gl_rmain.c:1008:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modeinfo->builtincrc = CRC_Block((const unsigned char *)modeinfo->builtinstring, strlen(modeinfo->builtinstring));
data/darkplaces-0~20180908~beta1/gl_rmain.c:2145:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((unsigned char *)basename, strlen(basename)) & (SKINFRAME_HASH - 1);
data/darkplaces-0~20180908~beta1/gl_rmain.c:2169:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((unsigned char *)basename, strlen(basename)) & (SKINFRAME_HASH - 1);
data/darkplaces-0~20180908~beta1/gl_textures.c:1590:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strsize = strlen(vabuf);
data/darkplaces-0~20180908~beta1/host_cmd.c:1142:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newNameSource) >= sizeof(newName)) // overflowed
data/darkplaces-0~20180908~beta1/host_cmd.c:1179:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(host_client->name);
data/darkplaces-0~20180908~beta1/host_cmd.c:1223:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j >= 0 && strlen(host_client->name) < sizeof(host_client->name) - 2)
data/darkplaces-0~20180908~beta1/host_cmd.c:1224:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(host_client->name + strlen(host_client->name), STRING_COLOR_DEFAULT_STR, strlen(STRING_COLOR_DEFAULT_STR) + 1);
data/darkplaces-0~20180908~beta1/host_cmd.c:1224:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(host_client->name + strlen(host_client->name), STRING_COLOR_DEFAULT_STR, strlen(STRING_COLOR_DEFAULT_STR) + 1);
data/darkplaces-0~20180908~beta1/host_cmd.c:1415:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = text + strlen(text);
data/darkplaces-0~20180908~beta1/host_cmd.c:1483:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = p1 + strlen(p1);
data/darkplaces-0~20180908~beta1/host_cmd.c:1566:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen(text);j < (int)(sizeof(text) - 2) && p1 < p2;)
data/darkplaces-0~20180908~beta1/host_cmd.c:2115:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message += strlen(Cmd_Argv(2)); // skip the number
data/darkplaces-0~20180908~beta1/host_cmd.c:2570:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = e ? e-rcon_password.string : (int)strlen(rcon_password.string);
data/darkplaces-0~20180908~beta1/host_cmd.c:2632:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = e ? e-rcon_password.string : (int)strlen(rcon_password.string);
data/darkplaces-0~20180908~beta1/host_cmd.c:2677:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(HMAC_MDFOUR_16BYTES((unsigned char *) (buf + 24), (unsigned char *) argbuf, (int)strlen(argbuf), (unsigned char *) rcon_password.string, n))
data/darkplaces-0~20180908~beta1/host_cmd.c:2681:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NetConn_Write(mysocket, buf, 41 + (int)strlen(buf + 41), &cls.rcon_address);
data/darkplaces-0~20180908~beta1/host_cmd.c:2889:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen (in);
data/darkplaces-0~20180908~beta1/jpeg.c:1014:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hashindex = CRC_Block((unsigned char *) hashkey, strlen(hashkey)) % COMPRESSEDIMAGECACHE_SIZE;
data/darkplaces-0~20180908~beta1/jpeg.c:1017:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(imagename) >= MAX_QPATH)
data/darkplaces-0~20180908~beta1/jpeg.c:1033:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hashindex = CRC_Block((unsigned char *) hashkey, strlen(hashkey)) % COMPRESSEDIMAGECACHE_SIZE;
data/darkplaces-0~20180908~beta1/keys.c:119:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ConBuffer_AddLine(&history, key_line + 1, (int)strlen(key_line) - 1, 0);
data/darkplaces-0~20180908~beta1/keys.c:131:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:150:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:157:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:180:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:192:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:205:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:214:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digits = strlen(va(vabuf, sizeof(vabuf), "%i", HIST_MAXLINES));
data/darkplaces-0~20180908~beta1/keys.c:249:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digits = strlen(va(vabuf, sizeof(vabuf), "%i", HIST_MAXLINES));
data/darkplaces-0~20180908~beta1/keys.c:281:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digits = strlen(va(vabuf, sizeof(vabuf), "%i", HIST_MAXLINES));
data/darkplaces-0~20180908~beta1/keys.c:303:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digits = strlen(va(vabuf, sizeof(vabuf), "%i", HIST_MAXLINES));
data/darkplaces-0~20180908~beta1/keys.c:751:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen(cbd);
data/darkplaces-0~20180908~beta1/keys.c:839:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cvar_str_len = (int)strlen(cvar_str);
data/darkplaces-0~20180908~beta1/keys.c:844:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chars_to_move = (int)strlen(&key_line[key_linepos]);
data/darkplaces-0~20180908~beta1/keys.c:943:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linelen = strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:953:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (key_linepos >= (int)strlen(key_line))
data/darkplaces-0~20180908~beta1/keys.c:959:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:981:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:1153:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_line);
data/darkplaces-0~20180908~beta1/keys.c:1169:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(&key_line[key_linepos]);
data/darkplaces-0~20180908~beta1/keys.c:1335:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (binding);
data/darkplaces-0~20180908~beta1/keys.c:1903:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (con_closeontoggleconsole.integer && bind && !strncmp(bind, "toggleconsole", strlen("toggleconsole")) && (key_consoleactive & KEY_CONSOLEACTIVE_USER) && (con_closeontoggleconsole.integer >= ((ascii != STRING_COLOR_TAG) ? 2 : 3) || key_linepos == 1))
data/darkplaces-0~20180908~beta1/keys.c:1919:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (down && con_closeontoggleconsole.integer && bind && !strncmp(bind, "toggleconsole", strlen("toggleconsole")) && ascii != STRING_COLOR_TAG)
data/darkplaces-0~20180908~beta1/lhnet.c:266:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen (addr_start);
data/darkplaces-0~20180908~beta1/lhnet.c:402:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colon = string + strlen(string);
data/darkplaces-0~20180908~beta1/lhnet.c:1249:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen = strlen(buffer);
data/darkplaces-0~20180908~beta1/lhnet.c:1280:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/darkplaces-0~20180908~beta1/lhnet.c:1291:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/darkplaces-0~20180908~beta1/lhnet.c:1353:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendmessagelength = strlen(sendmessage);
data/darkplaces-0~20180908~beta1/lhnet.c:1377:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/darkplaces-0~20180908~beta1/lhnet.c:1411:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("LH_Write failed, returned %i (length of message was %i)\n", length, strlen(argv[4]));
data/darkplaces-0~20180908~beta1/libcurl.c:780:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(ua[0] && ua[strlen(ua)-1] != ' ')
data/darkplaces-0~20180908~beta1/libcurl.c:971:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = addressstring + strlen(addressstring);
data/darkplaces-0~20180908~beta1/libcurl.c:1021:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = q ? (size_t)(q - p) : strlen(p);
data/darkplaces-0~20180908~beta1/libcurl.c:1879:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dpsnprintf(sendbuffer + strlen(sendbuffer), sendbuffer_len - strlen(sendbuffer), " --maxspeed=%.1f", sv_curl_maxspeed.value);
data/darkplaces-0~20180908~beta1/libcurl.c:1879:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dpsnprintf(sendbuffer + strlen(sendbuffer), sendbuffer_len - strlen(sendbuffer), " --maxspeed=%.1f", sv_curl_maxspeed.value);
data/darkplaces-0~20180908~beta1/libcurl.c:1910:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sendbuffer) + 1 < sizeof(sendbuffer))
data/darkplaces-0~20180908~beta1/menu.c:444:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = "You have reached this menu due to missing or unlocatable content/data";M_PrintRed ((640-strlen(s)*8)*0.5, (480/3)-16, s);y+=8;
data/darkplaces-0~20180908~beta1/menu.c:446:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = "You may consider adding";M_Print ((640-strlen(s)*8)*0.5, y, s);y+=8;
data/darkplaces-0~20180908~beta1/menu.c:447:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = "-basedir /path/to/game";M_Print ((640-strlen(s)*8)*0.5, y, s);y+=8;
data/darkplaces-0~20180908~beta1/menu.c:448:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = "to your launch commandline";M_Print ((640-strlen(s)*8)*0.5, y, s);y+=8;
data/darkplaces-0~20180908~beta1/menu.c:1423:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawCharacter (168 + 8*strlen(setup_myname), setup_cursor_table [setup_cursor], 10+((int)(realtime*4)&1));
data/darkplaces-0~20180908~beta1/menu.c:1510:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(setup_myname))
data/darkplaces-0~20180908~beta1/menu.c:1511:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setup_myname[strlen(setup_myname)-1] = 0;
data/darkplaces-0~20180908~beta1/menu.c:1520:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(setup_myname);
data/darkplaces-0~20180908~beta1/menu.c:1651:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawCheckbox(0 + 48 + (int)strlen(s) * 8 + 8, m_opty, yes);
data/darkplaces-0~20180908~beta1/menu.c:1664:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawSlider(0 + 48 + (int)strlen(s) * 8 + 8, m_opty, value, minvalue, maxvalue);
data/darkplaces-0~20180908~beta1/menu.c:3300:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = (int)strlen(m_quit_message[i])))
data/darkplaces-0~20180908~beta1/menu.c:3315:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_Print(8 + 4 * (linelength - strlen(m_quit_message[l])), 8 + 8 * i, m_quit_message[l]);
data/darkplaces-0~20180908~beta1/menu.c:3392:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawCharacter (basex+9*8 + 8*strlen(lanConfig_portname), lanConfig_cursor_table [lanConfig_cursor], 10+((int)(realtime*4)&1));
data/darkplaces-0~20180908~beta1/menu.c:3395:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawCharacter (basex+16 + 8*strlen(lanConfig_joinname), lanConfig_cursor_table [lanConfig_cursor], 10+((int)(realtime*4)&1));
data/darkplaces-0~20180908~beta1/menu.c:3461:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lanConfig_portname))
data/darkplaces-0~20180908~beta1/menu.c:3462:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lanConfig_portname[strlen(lanConfig_portname)-1] = 0;
data/darkplaces-0~20180908~beta1/menu.c:3467:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lanConfig_joinname))
data/darkplaces-0~20180908~beta1/menu.c:3468:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lanConfig_joinname[strlen(lanConfig_joinname)-1] = 0;
data/darkplaces-0~20180908~beta1/menu.c:3478:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(lanConfig_joinname);
data/darkplaces-0~20180908~beta1/menu.c:3490:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(lanConfig_portname);
data/darkplaces-0~20180908~beta1/menu.c:4114:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_DrawCharacter (8 + 8 * strlen(hostname.string), gameoptions_cursor_table[gameoptions_cursor], 10+((int)(realtime*4)&1));
data/darkplaces-0~20180908~beta1/menu.c:4354:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(hostname.string);
data/darkplaces-0~20180908~beta1/menu.c:4370:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(hostname.string);
data/darkplaces-0~20180908~beta1/menu.c:4416:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
M_PrintRed((640 - strlen(s) * 8) / 2, 32, s);
data/darkplaces-0~20180908~beta1/model_brush.c:1695:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen(name); j < 16; j++)
data/darkplaces-0~20180908~beta1/model_brush.c:1795:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen(name);j < 16;j++)
data/darkplaces-0~20180908~beta1/model_brush.c:2216:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (key[strlen(key)-1] == ' ') // remove trailing spaces
data/darkplaces-0~20180908~beta1/model_brush.c:2217:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key[strlen(key)-1] = 0;
data/darkplaces-0~20180908~beta1/model_brush.c:5219:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (key[strlen(key)-1] == ' ') // remove trailing spaces
data/darkplaces-0~20180908~beta1/model_brush.c:5220:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key[strlen(key)-1] = 0;
data/darkplaces-0~20180908~beta1/model_shared.c:512:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(mod->name) >= 4 && !strcmp(mod->name + strlen(mod->name) - 4, ".map")) Mod_MAP_Load(mod, buf, bufend);
data/darkplaces-0~20180908~beta1/model_shared.c:512:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(mod->name) >= 4 && !strcmp(mod->name + strlen(mod->name) - 4, ".map")) Mod_MAP_Load(mod, buf, bufend);
data/darkplaces-0~20180908~beta1/model_shared.c:1378:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned short hash = CRC_Block_CaseInsensitive ((const unsigned char *)shader->name, strlen (shader->name));
data/darkplaces-0~20180908~beta1/model_shared.c:1495:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen(com_token)+1;
data/darkplaces-0~20180908~beta1/model_shared.c:2201:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash = CRC_Block_CaseInsensitive ((const unsigned char *)name, strlen (name));
data/darkplaces-0~20180908~beta1/model_shared.c:3325:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (l = 0, k = (int)strlen(animname);animname[l];l++)
data/darkplaces-0~20180908~beta1/model_shared.c:3335:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (l = 0, k = (int)strlen(animname2);animname2[l];l++)
data/darkplaces-0~20180908~beta1/netconn.c:178:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(com_token[0] != '[' && strlen(com_token) == FP64_SIZE && !strchr(com_token, '.'))
data/darkplaces-0~20180908~beta1/netconn.c:348:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return *bufferB && !memcmp(bufferA, bufferB, strlen(bufferB));
data/darkplaces-0~20180908~beta1/netconn.c:350:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !*bufferB || memcmp(bufferA, bufferB, strlen(bufferB));
data/darkplaces-0~20180908~beta1/netconn.c:669:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return NetConn_Write(mysocket, string, (int)strlen(string), peeraddress);
data/darkplaces-0~20180908~beta1/netconn.c:1873:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = e ? e-rcon_password.string : (int)strlen(rcon_password.string);
data/darkplaces-0~20180908~beta1/netconn.c:1875:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(HMAC_MDFOUR_16BYTES((unsigned char *) (buf + 29), (unsigned char *) argbuf, (int)strlen(argbuf), (unsigned char *) rcon_password.string, n))
data/darkplaces-0~20180908~beta1/netconn.c:1880:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NetConn_Write(mysocket, buf, 46 + (int)strlen(buf + 46), peeraddress);
data/darkplaces-0~20180908~beta1/netconn.c:2752:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, (int)strlen(password)))
data/darkplaces-0~20180908~beta1/netconn.c:2780:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!HMAC_MDFOUR_16BYTES((unsigned char *) mdfourbuf, (unsigned char *) s, slen, (unsigned char *) password, (int)strlen(password)))
data/darkplaces-0~20180908~beta1/netconn.c:2824:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userpass_end = userpass_start + strlen(userpass_start);
data/darkplaces-0~20180908~beta1/netconn.c:2843:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userpass_end = userpass_start + strlen(userpass_start);
data/darkplaces-0~20180908~beta1/netconn.c:2857:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(s);
data/darkplaces-0~20180908~beta1/netconn.c:2882:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!memcmp(va(vabuf, sizeof(vabuf), "%s ", com_token), s, strlen(com_token) + 1))
data/darkplaces-0~20180908~beta1/netconn.c:2910:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(s_ptr);
data/darkplaces-0~20180908~beta1/netconn.c:2921:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(s);
data/darkplaces-0~20180908~beta1/netconn.c:3037:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response_len = strlen(response) + 1;
data/darkplaces-0~20180908~beta1/netconn.c:3579:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endpos = cmd + strlen(cmd) + 1; // one behind the NUL, so adding strlen+1 will eventually reach it
data/darkplaces-0~20180908~beta1/netconn.c:3739:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NetConn_Write(cl_sockets[i], request, (int)strlen(request) + 1, &masteraddress);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:270:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(name);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:1975:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((stringlength = (int)strlen(string)))
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2382:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search_len = (int)strlen(search);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2383:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replace_len = (int)strlen(replace);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2384:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subject_len = (int)strlen(subject);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2449:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search_len = (int)strlen(search);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2450:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
replace_len = (int)strlen(replace);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2451:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subject_len = (int)strlen(subject);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2530:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(string) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:2692:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
separatorlen[numseparators] = (int)strlen(s);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4721:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(str) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4881:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen = strlen(srcstringbuffer->strings[i]) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4955:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += (i > 0 ? strlen(sep) : 0) + strlen(stringbuffer->strings[i]);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:4955:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += (i > 0 ? strlen(sep) : 0) + strlen(stringbuffer->strings[i]);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5068:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(string) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(string) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5264:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlength = (int)strlen(stringbuffer->strings[strindex])))
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5287:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patternlength = (int)strlen(pattern);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5397:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
matchlen = (int)strlen(match);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5445:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(match);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5447:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += max(0, min((unsigned int)PRVM_G_FLOAT(OFS_PARM3), strlen(s)-1));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5481:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5490:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
antilen = strlen(antipartial);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5527:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = strlen(cvar->name) + 1;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5682:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (firstofs && (firstofs < 0 || firstofs > (int)strlen(instr)))
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5705:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((unsigned)index < strlen(s))
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5833:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen((char *) resbuf);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5965:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PRVM_G_FLOAT(OFS_RETURN) = (unsigned short) ((insensitive ? CRC_Block_CaseInsensitive : CRC_Block) ((unsigned char *) s, strlen(s)));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:5985:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(s);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6255:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lq = query_string ? strlen(query_string) : 0;
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6262:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(postseparator);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6281:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltotal += strlen(stringbuffer->strings[i]);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6295:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(handle->postdata + ltotal, stringbuffer->strings[i], strlen(stringbuffer->strings[i]));
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6296:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltotal += strlen(stringbuffer->strings[i]);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6317:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(handle->sigdata);
data/darkplaces-0~20180908~beta1/prvm_cmds.c:6347:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(handle->sigdata);
data/darkplaces-0~20180908~beta1/prvm_edict.c:638:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:638:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:638:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:638:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:638:125: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:658:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof(tempstring2)-4)
data/darkplaces-0~20180908~beta1/prvm_edict.c:666:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (l = strlen(name);l < 14;l++)
data/darkplaces-0~20180908~beta1/prvm_edict.c:671:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof(tempstring2)-4)
data/darkplaces-0~20180908~beta1/prvm_edict.c:680:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempstring) >= sizeof(tempstring)/2)
data/darkplaces-0~20180908~beta1/prvm_edict.c:725:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_')
data/darkplaces-0~20180908~beta1/prvm_edict.c:725:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 1 && name[strlen(name)-2] == '_')
data/darkplaces-0~20180908~beta1/prvm_edict.c:965:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(s) + 1;
data/darkplaces-0~20180908~beta1/prvm_edict.c:1281:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(keyname);
data/darkplaces-0~20180908~beta1/prvm_edict.c:1778:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decodedpos += strlen(decodedbuf + decodedpos);
data/darkplaces-0~20180908~beta1/prvm_edict.c:1796:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hashindex = CRC_Block((const unsigned char *) thisstr.key, strlen(thisstr.key)) % PO_HASHSIZE;
data/darkplaces-0~20180908~beta1/prvm_edict.c:1811:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hashindex = CRC_Block((const unsigned char *) str, strlen(str)) % PO_HASHSIZE;
data/darkplaces-0~20180908~beta1/prvm_edict.c:2368:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:2368:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:2368:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:2368:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:2368:128: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& !(strlen(name) > 1 && name[strlen(name)-2] == '_' && (name[strlen(name)-1] == 'x' || name[strlen(name)-1] == 'y' || name[strlen(name)-1] == 'z'))
data/darkplaces-0~20180908~beta1/prvm_edict.c:2511:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen(name)-2] == '_')
data/darkplaces-0~20180908~beta1/prvm_edict.c:2532:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen(name)-2] == '_')
data/darkplaces-0~20180908~beta1/prvm_edict.c:2565:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > sizeof(tempstring2)-4)
data/darkplaces-0~20180908~beta1/prvm_edict.c:2573:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = (int)strlen(name);j < 25;j++)
data/darkplaces-0~20180908~beta1/prvm_edict.c:2578:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempstring) >= sizeof(tempstring)/2)
data/darkplaces-0~20180908~beta1/prvm_edict.c:3090:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (int)strlen(s) + 1;
data/darkplaces-0~20180908~beta1/prvm_exec.c:146:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(prvm_opnames[s->op]);
data/darkplaces-0~20180908~beta1/r_shadow.c:4894:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
a = sscanf(t, "%f %f %f %f %f %f %f %d %127s %f %f %f %f %f %f %f %f %i", &origin[0], &origin[1], &origin[2], &radius, &color[0], &color[1], &color[2], &style, cubemapname
data/darkplaces-0~20180908~beta1/r_shadow.c:4917:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cubemapname[0] == '"' && cubemapname[strlen(cubemapname) - 1] == '"')
data/darkplaces-0~20180908~beta1/r_shadow.c:4920:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(cubemapname) - 2;
data/darkplaces-0~20180908~beta1/r_shadow.c:4973:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufchars + strlen(line) > bufmaxchars)
data/darkplaces-0~20180908~beta1/r_shadow.c:4975:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufmaxchars = bufchars + strlen(line) + 2048;
data/darkplaces-0~20180908~beta1/r_shadow.c:4985:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line))
data/darkplaces-0~20180908~beta1/r_shadow.c:4987:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf + bufchars, line, strlen(line));
data/darkplaces-0~20180908~beta1/r_shadow.c:4988:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufchars += strlen(line);
data/darkplaces-0~20180908~beta1/r_shadow.c:5103:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (key[strlen(key)-1] == ' ') // remove trailing spaces
data/darkplaces-0~20180908~beta1/r_shadow.c:5104:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key[strlen(key)-1] = 0;
data/darkplaces-0~20180908~beta1/r_sky.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sky) > 1000)
data/darkplaces-0~20180908~beta1/r_sky.c:156:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Con_Printf("sky name too long (%i, max is 1000)\n", (int)strlen(sky));
data/darkplaces-0~20180908~beta1/sbar.c:681:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(str) > max)
data/darkplaces-0~20180908~beta1/sbar.c:713:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int) strlen (cl.worldname);
data/darkplaces-0~20180908~beta1/sbar.c:716:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int) strlen (cl.worldmessage);
data/darkplaces-0~20180908~beta1/snd_main.c:987:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) >= sizeof (sfx->name))
data/darkplaces-0~20180908~beta1/snd_mem.c:334:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(namebuffer);
data/darkplaces-0~20180908~beta1/snd_mem.c:350:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(namebuffer);
data/darkplaces-0~20180908~beta1/sv_main.c:628:120: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FS_WriteFile(va(vabuf, sizeof(vabuf), "%s.ent", sv.worldnamenoextension), sv.worldmodel->brush.entities, (fs_offset_t)strlen(sv.worldmodel->brush.entities));
data/darkplaces-0~20180908~beta1/sv_user.c:890:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Com_HexDumpToConsole((unsigned char *) s, (int)strlen(s));
data/darkplaces-0~20180908~beta1/sys_linux.c:65:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs_offset_t written = (fs_offset_t)write(outfd, text, (int)strlen(text));
data/darkplaces-0~20180908~beta1/sys_linux.c:124:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read (0, text, sizeof(text) - 1);
data/darkplaces-0~20180908~beta1/sys_sdl.c:96:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs_offset_t written = (fs_offset_t)write(outfd, text, (int)strlen(text));
data/darkplaces-0~20180908~beta1/sys_sdl.c:156:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read (0, text, sizeof(text));
data/darkplaces-0~20180908~beta1/sys_sdl.c:177:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocsize = strlen(cliptext) + 1;
data/darkplaces-0~20180908~beta1/sys_shared.c:435:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(microseconds);
data/darkplaces-0~20180908~beta1/sys_win.c:120:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(houtput, text, (DWORD) strlen(text), &dummy, NULL);
data/darkplaces-0~20180908~beta1/utf8lib.c:201:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(_s);
data/darkplaces-0~20180908~beta1/utf8lib.c:265:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_s);
data/darkplaces-0~20180908~beta1/utf8lib.c:355:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_s);
data/darkplaces-0~20180908~beta1/utf8lib.c:441:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(_s) < i)
data/darkplaces-0~20180908~beta1/zone.c:881:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen (s) + 1;
ANALYSIS SUMMARY:
Hits = 1891
Lines analyzed = 195721 in approximately 5.31 seconds (36872 lines/second)
Physical Source Lines of Code (SLOC) = 153012
Hits@level = [0] 93 [1] 385 [2] 1445 [3] 28 [4] 31 [5] 2
Hits@level+ = [0+] 1984 [1+] 1891 [2+] 1506 [3+] 61 [4+] 33 [5+] 2
Hits/KSLOC@level+ = [0+] 12.9663 [1+] 12.3585 [2+] 9.84237 [3+] 0.398662 [4+] 0.215669 [5+] 0.0130709
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.