Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dmagnetic-0.27/testcode/magtest.c
Examining data/dmagnetic-0.27/testcode/instmatcher.c
Examining data/dmagnetic-0.27/src/loader/maggfxloader.c
Examining data/dmagnetic-0.27/src/loader/loader_mw.h
Examining data/dmagnetic-0.27/src/loader/maggfxloader.h
Examining data/dmagnetic-0.27/src/loader/loader_amstradcpc.h
Examining data/dmagnetic-0.27/src/loader/loader_msdos.c
Examining data/dmagnetic-0.27/src/loader/loader_msdos.h
Examining data/dmagnetic-0.27/src/loader/loader_d64.c
Examining data/dmagnetic-0.27/src/loader/loader_amstradcpc.c
Examining data/dmagnetic-0.27/src/loader/loader_mw.c
Examining data/dmagnetic-0.27/src/loader/loader_d64.h
Examining data/dmagnetic-0.27/src/gui/default_palette.c
Examining data/dmagnetic-0.27/src/gui/default_palette.h
Examining data/dmagnetic-0.27/src/gui/default_callbacks.c
Examining data/dmagnetic-0.27/src/gui/xglk_callbacks.c
Examining data/dmagnetic-0.27/src/gui/default_render.h
Examining data/dmagnetic-0.27/src/gui/default_callbacks.h
Examining data/dmagnetic-0.27/src/gui/default_render.c
Examining data/dmagnetic-0.27/src/gui/xglk_callbacks.h
Examining data/dmagnetic-0.27/src/toplevel/picture.h
Examining data/dmagnetic-0.27/src/toplevel/dMagnetic.c
Examining data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c
Examining data/dmagnetic-0.27/src/toplevel/configuration.c
Examining data/dmagnetic-0.27/src/toplevel/configuration.h
Examining data/dmagnetic-0.27/src/toplevel/version.h
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_decode.c
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_macros.h
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_loadstore.c
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_loadstore.h
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_datatypes.h
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k_decode.h
Examining data/dmagnetic-0.27/src/engine/vm68k/vm68k.c
Examining data/dmagnetic-0.27/src/engine/include/linea.h
Examining data/dmagnetic-0.27/src/engine/include/vm68k.h
Examining data/dmagnetic-0.27/src/engine/linea/gfx2loader.c
Examining data/dmagnetic-0.27/src/engine/linea/linea.c
Examining data/dmagnetic-0.27/src/engine/linea/gfx1loader.c
Examining data/dmagnetic-0.27/src/engine/linea/gfx1loader.h
FINAL RESULTS:
data/dmagnetic-0.27/src/engine/vm68k/vm68k_decode.c:156:32: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define INSTFOUND(x) case x: snprintf(name,64,#x); break;
data/dmagnetic-0.27/src/engine/linea/linea.c:313:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(random_seed);
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:168:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir=getenv("HOME");
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:306:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pl_lut[128]; // lookup table for left pixels
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:307:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pr_lut[128]; // lookup table for right pixels
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xorbuf[MAXPICWIDTH*2]; // ring buffer, to perform an XOR over two lines of stipples
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:309:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbbuf[16]; // RGB values are 6 bits wide. 2 bits red, 2 bits green, 2 bits blue.
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:498:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halftonelut[4]={0,2,5,7};
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:791:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpbuf[6080+760+760]; // maximum size for a picture. plus room for the threebuf
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:792:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char colour[4]={0};
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:798:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbvalues[16][3]={
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:851:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rlebuf[256];
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:852:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char threebuf[3]={0};
data/dmagnetic-0.27/src/engine/linea/gfx1loader.c:1015:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char codebook[16]={0x00,0x40,0x04,0x44,0x10,0x50,0x14,0x54,0x01,0x41,0x05,0x45,0x11,0x51,0x15,0x55};
data/dmagnetic-0.27/src/engine/linea/linea.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuf[256];
data/dmagnetic-0.27/src/engine/linea/linea.c:138:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pLineA->magbuf,pMag,magsize);pLineA->magsize=magsize;
data/dmagnetic-0.27/src/engine/linea/linea.c:181:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pLineA->pMem,&pLineA->magbuf[idx],pLineA->codesize); idx+=pLineA->codesize;
data/dmagnetic-0.27/src/engine/linea/linea.c:194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pLineA->gfxbuf,pGfx,gfxsize);
data/dmagnetic-0.27/src/engine/linea/linea.c:736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[4096]; // TODO
data/dmagnetic-0.27/src/engine/vm68k/vm68k.c:872:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/dmagnetic-0.27/src/engine/vm68k/vm68k.c:933:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/dmagnetic-0.27/src/gui/default_callbacks.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_ansi_characters[128]; // characters that are allowed for low ansi rendering
data/dmagnetic-0.27/src/gui/default_callbacks.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monochrome_characters[128]; // characters that are allowed for monochrome rendering
data/dmagnetic-0.27/src/gui/default_callbacks.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textoutput[MAXTEXTBUFFER];
data/dmagnetic-0.27/src/gui/default_callbacks.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headlineoutput[MAXHEADLINEBUFFER];
data/dmagnetic-0.27/src/gui/default_callbacks.c:619:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wb");
data/dmagnetic-0.27/src/gui/default_callbacks.c:635:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/gui/default_callbacks.c:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/dmagnetic-0.27/src/gui/default_callbacks.c:658:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char default_low_ansi_characters[DEFAULT_LOW_ANSI_CHARACTERS]="\\/|=L#T";
data/dmagnetic-0.27/src/gui/default_callbacks.c:660:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char default_monochrome_characters[DEFAULT_MONOCHROME_CHARACTERS]=" .:-=+*x#/@$X";
data/dmagnetic-0.27/src/gui/default_callbacks.c:682:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pContext->low_ansi_characters,default_low_ansi_characters,sizeof(default_low_ansi_characters));
data/dmagnetic-0.27/src/gui/default_callbacks.c:683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pContext->monochrome_characters,default_monochrome_characters,sizeof(default_monochrome_characters));
data/dmagnetic-0.27/src/gui/default_callbacks.c:690:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->rows=atoi(result);
data/dmagnetic-0.27/src/gui/default_callbacks.c:694:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->columns=atoi(result);
data/dmagnetic-0.27/src/gui/default_callbacks.c:717:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pContext->low_ansi_characters,default_low_ansi_characters,DEFAULT_LOW_ANSI_CHARACTERS);
data/dmagnetic-0.27/src/gui/default_callbacks.c:723:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pContext->monochrome_characters,default_monochrome_characters,DEFAULT_MONOCHROME_CHARACTERS);
data/dmagnetic-0.27/src/gui/default_callbacks.c:736:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->screenwidth =atoi(&result[0]);
data/dmagnetic-0.27/src/gui/default_callbacks.c:737:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->screenheight=atoi(&result[i+1]);
data/dmagnetic-0.27/src/gui/default_callbacks.c:751:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[64];
data/dmagnetic-0.27/src/gui/default_callbacks.c:793:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rows=atoi(result);
data/dmagnetic-0.27/src/gui/default_callbacks.c:804:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cols=atoi(result);
data/dmagnetic-0.27/src/gui/default_callbacks.c:819:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pContext->f_logfile=fopen(result,"wb");
data/dmagnetic-0.27/src/gui/default_callbacks.c:837:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->screenwidth =atoi(&result[0]);
data/dmagnetic-0.27/src/gui/default_callbacks.c:838:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pContext->screenheight=atoi(&result[i+1]);
data/dmagnetic-0.27/src/gui/default_palette.c:130:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ansicols[16][16];
data/dmagnetic-0.27/src/gui/default_render.c:137:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char maxplut[16]={0};
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statustext[256];
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputwindowtext[(1<<20)];
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:120:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pContext->picture,picture,sizeof(tPicture));
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:147:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wb");
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:163:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commandbuf[256];
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string,commandbuf,l+2);
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamename[32];
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamefilename[MAXFILENAMELEN+1];
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXFILENAMELEN+1];
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extend[EXTENDLEN];
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:94:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char blocks[MAXBLOCKS];// block identifier
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:119:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char threebuf[3];
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:187:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&outputbuf[outputidx],&inputbuf[pDirEntries[i].offsets[j]],sectorsize);
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:396:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename[i],"rb");
data/dmagnetic-0.27/src/loader/loader_d64.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magicword[5]; // the word, that is hidden in the second sector of the disk image
data/dmagnetic-0.27/src/loader/loader_d64.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; // human readable
data/dmagnetic-0.27/src/loader/loader_d64.c:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char order[32]; // the order in which the pictures can be found in the images are not the same as in other releases.
data/dmagnetic-0.27/src/loader/loader_d64.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[5];
data/dmagnetic-0.27/src/loader/loader_d64.c:125:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char loader_d64_sectorcnt[D64_TRACKNUM]=
data/dmagnetic-0.27/src/loader/loader_d64.c:134:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:225:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp1[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:226:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp2[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:319:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:393:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:436:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[256];
data/dmagnetic-0.27/src/loader/loader_d64.c:537:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename[i],"rb");
data/dmagnetic-0.27/src/loader/loader_msdos.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[8]; // the prefix for the game's binaries.
data/dmagnetic-0.27/src/loader/loader_msdos.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hufftab[256];
data/dmagnetic-0.27/src/loader/loader_msdos.c:76:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[3];
data/dmagnetic-0.27/src/loader/loader_msdos.c:146:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen((filename),"rb"); \
data/dmagnetic-0.27/src/loader/loader_msdos.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/dmagnetic-0.27/src/loader/loader_msdos.c:202:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/loader/loader_msdos.c:214:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/loader/loader_mw.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *names[12]={"zero","one","two","three","four","five","six","seven","eight","nine","title.vga","title.ega"};
data/dmagnetic-0.27/src/loader/loader_mw.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output,two_rsc,strlen(two_rsc));
data/dmagnetic-0.27/src/loader/loader_mw.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[onestart],&names[num][0],strlen(names[num])+1);
data/dmagnetic-0.27/src/loader/loader_mw.c:64:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[onestart+strlen(names[num])],&two_rsc[onestart+3],strlen(two_rsc)-onestart+4);
data/dmagnetic-0.27/src/loader/loader_mw.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/dmagnetic-0.27/src/loader/loader_mw.c:80:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/loader/loader_mw.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/dmagnetic-0.27/src/loader/loader_mw.c:123:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/loader/loader_mw.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[18];
data/dmagnetic-0.27/src/loader/loader_mw.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELENGTH+1];
data/dmagnetic-0.27/src/loader/loader_mw.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELENGTH+1];
data/dmagnetic-0.27/src/loader/loader_mw.c:209:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(imageEntries[found].name,name,NAMELENGTH+1); // the name is the same. so it does not matter if it is being overwritten
data/dmagnetic-0.27/src/loader/loader_mw.c:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/dmagnetic-0.27/src/loader/loader_mw.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *names[2]={"titlev","titlee"};
data/dmagnetic-0.27/src/loader/loader_mw.c:251:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rb");
data/dmagnetic-0.27/src/loader/loader_mw.c:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[7];
data/dmagnetic-0.27/src/loader/loader_mw.c:313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[18];
data/dmagnetic-0.27/src/loader/maggfxloader.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magfilename[1024];
data/dmagnetic-0.27/src/loader/maggfxloader.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfxfilename[1024];
data/dmagnetic-0.27/src/loader/maggfxloader.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binname[1024];
data/dmagnetic-0.27/src/loader/maggfxloader.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magname[32];
data/dmagnetic-0.27/src/loader/maggfxloader.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfxname[32];
data/dmagnetic-0.27/src/loader/maggfxloader.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msdosname[32];
data/dmagnetic-0.27/src/loader/maggfxloader.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d64name[32];
data/dmagnetic-0.27/src/loader/maggfxloader.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char amstradcpcname[32];
data/dmagnetic-0.27/src/loader/maggfxloader.c:173:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gfxfilename,magfilename,l+1);
data/dmagnetic-0.27/src/loader/maggfxloader.c:199:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magfilename,gfxfilename,l+1);
data/dmagnetic-0.27/src/loader/maggfxloader.c:217:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(magfilename,"rb");
data/dmagnetic-0.27/src/loader/maggfxloader.c:229:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(gfxfilename,"rb");
data/dmagnetic-0.27/src/toplevel/configuration.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/dmagnetic-0.27/src/toplevel/configuration.c:109:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retstring,&line[le+1],l-le);
data/dmagnetic-0.27/src/toplevel/configuration.c:136:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retstring,argv[i+1],strlen(argv[i+1])+1);
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inifilename[1024];
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:162:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *locations[LOCNUM]={"/etc/","/usr/local/share/","/usr/local/share/games/","/usr/local/share/dMagnetic/","/usr/local/games/","/usr/local/games/dMagnetic/","/usr/share/","/usr/share/games/","/usr/share/dMagnetic/","/usr/games/","/usr/games/dMagnetic/","/usr/share/doc/dmagnetic/","/usr/pkg/share/doc/dMagnetic/",
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:170:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_inifile=fopen(inifilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:177:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_inifile=fopen(inifilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:360:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_inifile=fopen(inifilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[64];
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:406:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
random_seed=atoi(result);
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[64];
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:433:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
random_seed=atoi(result);
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[64];
data/dmagnetic-0.27/src/toplevel/dMagnetic.c:469:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_inifile=fopen(inifilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:67:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(magfilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:75:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(gfxfilename,"rb");
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inifilename[1024];
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magfilename[1024];
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfxfilename[1024];
data/dmagnetic-0.27/src/toplevel/dMagnetic_xglk.c:167:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_inifile=fopen("dMagnetic.ini","rb");
data/dmagnetic-0.27/src/toplevel/picture.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pixels[262144];
data/dmagnetic-0.27/testcode/instmatcher.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/dmagnetic-0.27/testcode/magtest.c:68:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(argv[1],"rb");
data/dmagnetic-0.27/testcode/magtest.c:77:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(argv[2],"rb");
data/dmagnetic-0.27/src/engine/linea/linea.c:1204:20: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
tVM68k_bool mismatch;
data/dmagnetic-0.27/src/engine/linea/linea.c:1262:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
while (obj && !mismatch);
data/dmagnetic-0.27/src/gui/default_callbacks.c:357:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (l=0;l<strlen(string);l++)
data/dmagnetic-0.27/src/gui/default_callbacks.c:372:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(string);
data/dmagnetic-0.27/src/gui/default_callbacks.c:729:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(result);
data/dmagnetic-0.27/src/gui/default_callbacks.c:830:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(result);
data/dmagnetic-0.27/src/gui/default_render.c:230:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (a=0;a<strlen(allowed);a++)
data/dmagnetic-0.27/src/gui/default_render.c:372:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (a=0;a<strlen(allowed);a++)
data/dmagnetic-0.27/src/gui/default_render.c:418:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int scalenum=strlen(greyscales);
data/dmagnetic-0.27/src/gui/xglk_callbacks.c:240:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(commandbuf);
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:376:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(amstradcpcname);
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:539:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dirEntries[entrycnt].name,loader_amstradcpc_knownGames[m].gamefilename,strlen(loader_amstradcpc_knownGames[m].gamefilename))==0)
data/dmagnetic-0.27/src/loader/loader_amstradcpc.c:548:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m=strlen(loader_amstradcpc_knownGames[gamedetected].gamefilename);
data/dmagnetic-0.27/src/loader/loader_d64.c:518:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(d64name);
data/dmagnetic-0.27/src/loader/loader_mw.c:47:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(two_rsc);
data/dmagnetic-0.27/src/loader/loader_mw.c:56:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(output,two_rsc,strlen(two_rsc));
data/dmagnetic-0.27/src/loader/loader_mw.c:57:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&output[onestart],&names[num][0],strlen(names[num])+1);
data/dmagnetic-0.27/src/loader/loader_mw.c:60:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0;i<strlen(names[num]);i++) if (output[onestart+i]!='.') output[onestart+i]&=0x5f;
data/dmagnetic-0.27/src/loader/loader_mw.c:64:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&output[onestart+strlen(names[num])],&two_rsc[onestart+3],strlen(two_rsc)-onestart+4);
data/dmagnetic-0.27/src/loader/loader_mw.c:64:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&output[onestart+strlen(names[num])],&two_rsc[onestart+3],strlen(two_rsc)-onestart+4);
data/dmagnetic-0.27/src/loader/maggfxloader.c:167:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(magfilename);
data/dmagnetic-0.27/src/loader/maggfxloader.c:193:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(gfxfilename);
data/dmagnetic-0.27/src/toplevel/configuration.c:46:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ls=strlen(section);
data/dmagnetic-0.27/src/toplevel/configuration.c:47:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
le=strlen(entry);
data/dmagnetic-0.27/src/toplevel/configuration.c:53:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(line);
data/dmagnetic-0.27/src/toplevel/configuration.c:76:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(line);
data/dmagnetic-0.27/src/toplevel/configuration.c:125:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i])==strlen(parameter))
data/dmagnetic-0.27/src/toplevel/configuration.c:125:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i])==strlen(parameter))
data/dmagnetic-0.27/src/toplevel/configuration.c:127:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(argv[i],parameter,strlen(parameter))==0)
data/dmagnetic-0.27/src/toplevel/configuration.c:134:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (retstringspace>strlen(argv[i+1]))
data/dmagnetic-0.27/src/toplevel/configuration.c:136:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(retstring,argv[i+1],strlen(argv[i+1])+1);
ANALYSIS SUMMARY:
Hits = 164
Lines analyzed = 10695 in approximately 0.36 seconds (29378 lines/second)
Physical Source Lines of Code (SLOC) = 8168
Hits@level = [0] 417 [1] 31 [2] 130 [3] 2 [4] 1 [5] 0
Hits@level+ = [0+] 581 [1+] 164 [2+] 133 [3+] 3 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 71.1312 [1+] 20.0784 [2+] 16.2831 [3+] 0.367287 [4+] 0.122429 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.